Happili.com virus


  • This topic is locked
33 replies to this topic

#1 chris744

chris744

  • Members
  • 18 posts

Posted 13 April 2012 - 04:23 PM

Hi, recently when I click some links in Google, it brings me to either happili.com or http://63.209.69.107. I deleted some viruses found by AVAST and the problem is still the same. Here is my HijackThis log. Can someone help me please? Thank you very much!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:17:29 PM, on 4/13/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Chris\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06433BFE-4946-4E89-823D-CD359C81CD06} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KeyKeyServer] "K:\KeyKeyServer.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: DOWNLOADWITH - file://C:\Users\Chris\Desktop\MiPony.V1.10\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12632 bytes



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 April 2012 - 04:36 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 chris744

chris744
  • Topic Starter

  • Members
  • 18 posts

Posted 13 April 2012 - 06:43 PM

Hi Gringo, thank you for helping me. Here is the log of DDS. Also, there was a blue screen saying that the hard disk crashed after installing Ad-Aware and clicking some links from Google. I just searched for something on Google, and it directed me to http://click.get-answers-fast.com.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Chris at 18:01:21 on 2012-04-13
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {06433BFE-4946-4E89-823D-CD359C81CD06} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {92B255FE-94E2-4BCA-958D-3926CE38913F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Octoshape Streaming Services] "C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [KeyKeyServer] "K:\KeyKeyServer.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: DOWNLOADWITH - file://C:\Users\Chris\Desktop\MiPony.V1.10\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{61EECA39-4590-40C2-8052-079E758AD727} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {06433BFE-4946-4E89-823D-CD359C81CD06} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {92B255FE-94E2-4BCA-958D-3926CE38913F} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No File
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [KeyKeyServer] "K:\KeyKeyServer.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iyka7phi.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-8-26 44768]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-31 133104]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-31 133104]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-4-11 155320]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-1 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-13 21:13:04 -------- d-----w- C:\Users\Chris\AppData\Local\{12A2889D-9633-49D9-A660-A796413B53FB}
2012-04-13 21:12:34 -------- d-----w- C:\Users\Chris\AppData\Local\{9BB5FDBA-BD06-4A6C-BF60-309B9658B806}
2012-04-13 02:44:58 -------- d-----w- C:\Program Files\iPod
2012-04-13 02:44:56 -------- d-----w- C:\Program Files\iTunes
2012-04-13 02:44:56 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-13 02:01:56 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AE1A070-56D6-4D10-8AE8-5EB38FBB2F53}\mpengine.dll
2012-04-13 01:42:57 -------- d-----w- C:\Users\Chris\AppData\Local\{8DA46549-B186-4A59-9003-A084DDCCE5E5}
2012-04-13 01:42:26 -------- d-----w- C:\Users\Chris\AppData\Local\{50E1443F-1CB3-4C4C-A1E8-19AF1C7E3908}
2012-04-12 01:04:14 -------- d-----w- C:\Program Files (x86)\Sony
2012-04-12 00:42:51 -------- d-----w- C:\Users\Chris\AppData\Local\{6064C569-7FD8-4E61-A500-19EA193DDABD}
2012-04-12 00:42:32 -------- d-----w- C:\Users\Chris\AppData\Local\{2D8BA189-8DC1-4DB5-B25E-4F22ADBB2E08}
2012-04-11 03:22:12 -------- d-----w- C:\Users\Chris\AppData\Local\{B801D90D-70DC-49D6-AE3B-66F92668F284}
2012-04-11 03:21:42 -------- d-----w- C:\Users\Chris\AppData\Local\{E33D9764-6EA3-4F26-82FB-014F27666A5C}
2012-04-10 15:20:44 -------- d-----w- C:\Users\Chris\AppData\Local\{C9224D5C-7023-4A67-94C1-DCF0EEBE7431}
2012-04-10 15:20:12 -------- d-----w- C:\Users\Chris\AppData\Local\{CEF543E1-3CDA-486D-99A3-A93DD03F1C7E}
2012-04-09 20:20:10 -------- d-----w- C:\Users\Chris\AppData\Local\{9DBD01DC-99C1-4C34-B585-F10D523A4B6F}
2012-04-09 20:19:36 -------- d-----w- C:\Users\Chris\AppData\Local\{F0427DF0-D4B1-4E5D-94B5-43ACF501C338}
2012-04-09 04:25:17 -------- d-----w- C:\Users\Chris\AppData\Local\{C3491223-ED8C-4097-BBF5-21A1FB1C7247}
2012-04-09 04:24:46 -------- d-----w- C:\Users\Chris\AppData\Local\{22AFED90-E754-468A-BC53-8914AE4DF5B6}
2012-04-09 01:09:16 -------- d-----w- C:\Users\Chris\{66f3e3b3-c488-4b8a-8076-546dde12d99d}
2012-04-09 01:09:12 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-09 01:09:11 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-09 01:09:04 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-09 01:07:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus
2012-04-08 16:23:59 -------- d-----w- C:\Users\Chris\AppData\Local\{2B5DDF47-B985-4D3D-8471-34F801DED158}
2012-04-08 16:23:26 -------- d-----w- C:\Users\Chris\AppData\Local\{E41C37D5-450E-468D-A618-EF53C8419FFD}
2012-04-06 22:40:16 -------- d-----w- C:\Users\Chris\AppData\Local\{D73AAF8F-98F3-49EF-BE89-5CFB35D70212}
2012-04-06 22:39:56 -------- d-----w- C:\Users\Chris\AppData\Local\{E162E227-7C41-4B11-B680-444C4A1C0E24}
2012-04-06 01:21:08 -------- d-----w- C:\Users\Chris\AppData\Local\{42DF15AB-311D-4CBC-8B70-96F6861A6CC7}
2012-04-06 01:20:38 -------- d-----w- C:\Users\Chris\AppData\Local\{4981596C-E523-4BCE-A974-2796F28E22A6}
2012-04-01 06:09:38 -------- d-----w- C:\Users\Chris\AppData\Local\{D4E1EF7C-B134-4625-91A7-536B57413365}
2012-04-01 06:09:05 -------- d-----w- C:\Users\Chris\AppData\Local\{259E3532-DAAA-4951-814C-6C30A50F8462}
2012-03-30 23:28:28 -------- d-----w- C:\Users\Chris\AppData\Local\{DA005AE9-3569-4F62-B3B0-29EE083DC7DA}
2012-03-30 23:27:48 -------- d-----w- C:\Users\Chris\AppData\Local\{0E3834EF-FC86-4F5E-975D-BA509ED6A001}
2012-03-26 22:57:58 -------- d-----w- C:\Users\Chris\AppData\Local\{F0065C3D-E56C-45B4-90AC-109A657847BB}
2012-03-26 22:57:28 -------- d-----w- C:\Users\Chris\AppData\Local\{3D4F8656-7E3A-42F0-8F73-1FE421D525C6}
2012-03-26 02:17:15 -------- d-----w- C:\Users\Chris\AppData\Local\{AFAF05DF-9D63-4A01-888E-F4DBE555D30E}
2012-03-26 02:16:42 -------- d-----w- C:\Users\Chris\AppData\Local\{CB074436-FF5F-4B73-959D-7620DCBA1DC4}
2012-03-24 03:04:32 -------- d-----w- C:\Users\Chris\AppData\Local\{7DACB9F5-A8A5-4408-A412-305C1DC7A82A}
2012-03-24 03:04:01 -------- d-----w- C:\Users\Chris\AppData\Local\{C9077C82-FF1F-4D78-97CD-C9290D30BD51}
2012-03-23 05:13:35 -------- d-----w- C:\Users\Chris\AppData\Local\{3EC2BB4A-563F-49B0-AA04-56769023C61E}
2012-03-23 05:13:05 -------- d-----w- C:\Users\Chris\AppData\Local\{ECC53CE2-FFC5-4DAA-A4F5-A21E3633EF3E}
2012-03-21 03:10:11 -------- d-----w- C:\Users\Chris\AppData\Local\{BAEF2111-8D04-4777-88FA-17908BD95D9B}
2012-03-21 03:09:41 -------- d-----w- C:\Users\Chris\AppData\Local\{B6257CBA-4A67-4046-8B78-30665E0E9838}
2012-03-19 00:43:14 -------- d-----w- C:\Users\Chris\AppData\Local\{36C99FA6-DFD2-4353-9778-57C662218B1C}
2012-03-19 00:42:34 -------- d-----w- C:\Users\Chris\AppData\Local\{469E296E-F08A-4F5B-B119-E63BAAB831EF}
2012-03-17 21:48:56 -------- d-----w- C:\Users\Chris\AppData\Local\{9614D049-E3B9-42A5-85BA-CF2DDD8C819E}
2012-03-17 21:48:37 -------- d-----w- C:\Users\Chris\AppData\Local\{E280A307-79E2-4445-B20A-CB20FE74BCF6}
2012-03-16 23:19:19 -------- d-----w- C:\Users\Chris\AppData\Local\{F0535218-7916-4A46-9EFD-95E3D8D54CAE}
2012-03-16 23:18:47 -------- d-----w- C:\Users\Chris\AppData\Local\{97FC8584-6CF5-43A8-8002-ABDE4506B6A5}
.
==================== Find3M ====================
.
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-12 16:45:59 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
.
============= FINISH: 18:03:14.01 ===============

Edited by chris744, 13 April 2012 - 07:00 PM.


#4 gringo_pr

  • Malware Response Team

Posted 13 April 2012 - 08:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 chris744

  • Topic Starter

Posted 13 April 2012 - 09:10 PM

Here is the log from ComboFix. Sorry about the Chinese language; I have translated it to English so that you can read it.


ComboFix 12-04-13.01 - Chris 3/2012 Fri 21:35:38.1.4 - x64
執行位置 (LOCATION): c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 (DELETED FILES) )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StormII
c:\users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\32bD3Cq.jpg
c:\users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\ddmy4.jpg
c:\users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\V184Ki.jpg
c:\users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\VbV067frX.jpg
c:\users\Chris\AppData\Roaming\FFSJ
c:\users\Chris\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( 2012-03-14 至 2012-04-14 的新的檔案 NEW INSTALLED FILES )))))))))))))))))))))))))))))))
.
.
2012-04-14 01:49 . 2012-04-14 01:53 -------- d-----w- c:\users\Chris\AppData\Local\temp
2012-04-14 01:49 . 2012-04-14 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 01:49 . 2012-04-14 01:49 -------- d-----w- c:\users\Nam Tau\AppData\Local\temp
2012-04-14 01:49 . 2012-04-14 01:49 -------- d-----w- c:\users\CHRI$\AppData\Local\temp
2012-04-13 02:44 . 2012-04-13 02:44 -------- d-----w- c:\program files\iPod
2012-04-13 02:44 . 2012-04-13 02:45 -------- d-----w- c:\program files\iTunes
2012-04-13 02:44 . 2012-04-13 02:45 -------- d-----w- c:\program files (x86)\iTunes
2012-04-13 02:01 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AE1A070-56D6-4D10-8AE8-5EB38FBB2F53}\mpengine.dll
2012-04-12 01:27 . 2012-04-12 01:27 -------- d-----w- c:\windows\system32\config\systemprofile\{bc24e23e-a99a-4e62-9c9f-3a093e77144c}
2012-04-12 01:04 . 2012-04-12 01:04 -------- d-----w- c:\programdata\Sony
2012-04-12 01:04 . 2012-04-12 01:04 -------- d-----w- c:\program files (x86)\Sony
2012-04-09 01:09 . 2012-04-09 06:58 -------- d-----w- c:\users\Chris\{66f3e3b3-c488-4b8a-8076-546dde12d99d}
2012-04-09 01:09 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-09 01:09 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-09 01:09 . 2012-04-09 06:58 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-04-09 01:07 . 2012-04-09 02:46 -------- d-----w- c:\users\Chris\AppData\Roaming\Ad-Aware Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 FILES WHICH HAVE BEEN EDITED IN THE PAST 3 MONTHS ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-02-23 13:18 . 2009-10-31 13:34 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-12 16:47 . 2012-02-12 16:47 61440 ----a-r- c:\users\CHRI$\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-02-12 16:47 . 2012-02-12 16:47 61440 ----a-r- c:\users\CHRI$\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-02-12 16:47 . 2012-02-12 16:47 106496 ----a-r- c:\users\CHRI$\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-02-12 16:47 . 2012-02-12 16:47 106496 ----a-r- c:\users\CHRI$\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-02-12 16:47 . 2012-02-12 16:47 106496 ----a-r- c:\users\CHRI$\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-02-12 16:45 . 2012-02-12 16:45 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 IMPORTANT LOGIN POINT ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Octoshape Streaming Services"="c:\users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-03-14 446136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-06-12 273544]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
計劃任務 文件夾 裡的內容
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-31 19:18]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-31 19:18]
.
2009-11-30 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-05 18:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的掃描 -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: DOWNLOADWITH - file://c:\users\Chris\Desktop\MiPony.V1.10\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iyka7phi.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-KeyKeyServer - K:\KeyKeyServer.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-{AC8F6AC8-3A54-421C-BFFB-EA974307BC2B}_is1 - c:\messagesoft gpws version 1\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{4942F9C0-0B403F17-06000000}_0]
"ImagePath"="\??\c:\pcdr5\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c o m 0- 4biO娩
0?b1\/f?7hsYu 0[ 3 2 0 M P 3 ] ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c o m 0- 4biO娩
0?b1\/f?7hsYu 0[ 3 2 0 M P 3 ] \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*p*)*芐q\eyP[?鏞? wGP嶒??1u'`a]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*p*)*芐q\eyP[?鏞? wGP嶒??1u'`a\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G??0]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G??0\OpenWithList]
@Class="Shell"
"a"="iTunes.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\. c o m 0- 4biO娩
0?b1\/f?7hsYu 0[ 3 2 0 M P 3 ] ]
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*p*)*芐q\eyP[?鏞? wGP嶒??1u'`a]
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*G??0]
"0"=hex:f3,6c,52,51,20,00,2d,00,20,00,10,98,8b,89,1f,ff,20,00,2e,00,2e,00,2e,
00,47,90,8b,89,02,30,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,f3,6c,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1700895505-1091916148-3203916389-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"?慴"=hex:2f,bb,d1,2e,ae,09,76,ca,69,c6,c1,d5,ae,51,5a,2e,22,04,bf,57,f1,05,02,
ef,4b,33,85,f7,dd,3c,3f,5c,c5,c6,ba,5a,52,c2,fb,25,e9,e3,f7,74,3f,02,9d,e3,\
"歲祥"=hex:c2,7f,eb,29,9e,a5,8f,47,6c,06,4a,b5,7c,00,18,57
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ 其他運行進程 OTHER RUNNING PROGRAMS ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
完成時間 DONE: 2012-04-13 22:02:21 - 電腦已重新啟動 COMPUTER HAS BEEN RESTARTED
ComboFix-quarantined-files.txt 2012-04-14 02:02
.
Pre-Run: 151,529,324,544 bytes free
Post-Run: 157,025,955,840 bytes free
.
- - End Of File - - 5879A16A6E9C7F6B4843638FFF53D9DF

#6 gringo_pr

  • Malware Response Team

Posted 13 April 2012 - 09:20 PM

Greetings Chris

Don't worry about it being in Chinese. I have seen some of these reports and I know the sections by now. If there is something I need then I will let you know.

How are things doing now?

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 chris744

  • Topic Starter

Posted 13 April 2012 - 09:32 PM

Gringo, Google still directs me to fake links. TDS didn't find anything infected. Here is the TDS log.

22:24:00.0290 1792 sbp2port - ok
22:24:00.0339 1792 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
22:24:00.0356 1792 SCardSvr - ok
22:24:00.0423 1792 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
22:24:00.0438 1792 Schedule - ok
22:24:00.0480 1792 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:24:00.0482 1792 SCPolicySvc - ok
22:24:00.0512 1792 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
22:24:00.0529 1792 SDRSVC - ok
22:24:00.0591 1792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:24:00.0593 1792 secdrv - ok
22:24:00.0608 1792 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
22:24:00.0615 1792 seclogon - ok
22:24:00.0642 1792 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
22:24:00.0649 1792 SENS - ok
22:24:00.0674 1792 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:24:00.0676 1792 Serenum - ok
22:24:00.0707 1792 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:24:00.0710 1792 Serial - ok
22:24:00.0749 1792 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:24:00.0752 1792 sermouse - ok
22:24:00.0790 1792 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
22:24:00.0797 1792 SessionEnv - ok
22:24:00.0817 1792 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:24:00.0819 1792 sffdisk - ok
22:24:00.0839 1792 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:24:00.0841 1792 sffp_mmc - ok
22:24:00.0858 1792 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:24:00.0860 1792 sffp_sd - ok
22:24:00.0881 1792 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:24:00.0883 1792 sfloppy - ok
22:24:00.0923 1792 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
22:24:00.0929 1792 SharedAccess - ok
22:24:01.0014 1792 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
22:24:01.0024 1792 ShellHWDetection - ok
22:24:01.0049 1792 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:24:01.0052 1792 SiSRaid2 - ok
22:24:01.0083 1792 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:24:01.0086 1792 SiSRaid4 - ok
22:24:01.0185 1792 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
22:24:01.0244 1792 slsvc - ok
22:24:01.0303 1792 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
22:24:01.0311 1792 SLUINotify - ok
22:24:01.0358 1792 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:24:01.0361 1792 Smb - ok
22:24:01.0402 1792 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
22:24:01.0408 1792 SNMPTRAP - ok
22:24:01.0549 1792 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
22:24:01.0552 1792 Sony PC Companion - ok
22:24:01.0608 1792 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:24:01.0609 1792 spldr - ok
22:24:01.0661 1792 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
22:24:01.0669 1792 Spooler - ok
22:24:01.0795 1792 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
22:24:01.0820 1792 sptd - ok
22:24:01.0871 1792 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:24:01.0888 1792 srv - ok
22:24:01.0937 1792 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:24:01.0942 1792 srv2 - ok
22:24:01.0990 1792 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:24:01.0994 1792 srvnet - ok
22:24:02.0011 1792 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
22:24:02.0019 1792 SSDPSRV - ok
22:24:02.0075 1792 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
22:24:02.0092 1792 SstpSvc - ok
22:24:02.0155 1792 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
22:24:02.0256 1792 stisvc - ok
22:24:02.0281 1792 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:24:02.0283 1792 swenum - ok
22:24:02.0345 1792 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
22:24:02.0362 1792 swprv - ok
22:24:02.0386 1792 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:24:02.0388 1792 Symc8xx - ok
22:24:02.0409 1792 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:24:02.0411 1792 Sym_hi - ok
22:24:02.0431 1792 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:24:02.0434 1792 Sym_u3 - ok
22:24:02.0497 1792 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
22:24:02.0522 1792 SysMain - ok
22:24:02.0536 1792 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
22:24:02.0544 1792 TabletInputService - ok
22:24:02.0621 1792 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
22:24:02.0631 1792 TapiSrv - ok
22:24:02.0661 1792 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
22:24:02.0668 1792 TBS - ok
22:24:02.0753 1792 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
22:24:02.0770 1792 Tcpip - ok
22:24:02.0812 1792 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
22:24:02.0828 1792 Tcpip6 - ok
22:24:02.0883 1792 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:24:02.0884 1792 tcpipreg - ok
22:24:02.0902 1792 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:24:02.0904 1792 TDPIPE - ok
22:24:02.0925 1792 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:24:02.0926 1792 TDTCP - ok
22:24:02.0978 1792 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:24:02.0979 1792 tdx - ok
22:24:03.0019 1792 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:24:03.0020 1792 TermDD - ok
22:24:03.0072 1792 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
22:24:03.0079 1792 TermService - ok
22:24:03.0156 1792 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
22:24:03.0165 1792 Themes - ok
22:24:03.0190 1792 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:24:03.0194 1792 THREADORDER - ok
22:24:03.0213 1792 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
22:24:03.0221 1792 TrkWks - ok
22:24:03.0283 1792 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
22:24:03.0284 1792 TrustedInstaller - ok
22:24:03.0386 1792 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:24:03.0389 1792 tssecsrv - ok
22:24:03.0414 1792 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:24:03.0416 1792 tunmp - ok
22:24:03.0483 1792 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:24:03.0485 1792 tunnel - ok
22:24:03.0506 1792 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:24:03.0509 1792 uagp35 - ok
22:24:03.0568 1792 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:24:03.0574 1792 udfs - ok
22:24:03.0635 1792 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
22:24:03.0642 1792 UI0Detect - ok
22:24:03.0669 1792 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:24:03.0672 1792 uliagpkx - ok
22:24:03.0699 1792 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:24:03.0705 1792 uliahci - ok
22:24:03.0718 1792 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:24:03.0723 1792 UlSata - ok
22:24:03.0744 1792 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:24:03.0747 1792 ulsata2 - ok
22:24:03.0767 1792 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:24:03.0768 1792 umbus - ok
22:24:03.0790 1792 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
22:24:03.0807 1792 upnphost - ok
22:24:03.0868 1792 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:24:03.0870 1792 USBAAPL64 - ok
22:24:03.0930 1792 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:24:03.0933 1792 usbccgp - ok
22:24:03.0942 1792 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:24:03.0944 1792 usbcir - ok
22:24:03.0971 1792 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:24:03.0973 1792 usbehci - ok
22:24:04.0034 1792 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:24:04.0039 1792 usbhub - ok
22:24:04.0068 1792 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
22:24:04.0070 1792 usbohci - ok
22:24:04.0110 1792 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
22:24:04.0112 1792 usbprint - ok
22:24:04.0140 1792 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:24:04.0144 1792 USBSTOR - ok
22:24:04.0166 1792 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:24:04.0168 1792 usbuhci - ok
22:24:04.0210 1792 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
22:24:04.0217 1792 UxSms - ok
22:24:04.0269 1792 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
22:24:04.0287 1792 vds - ok
22:24:04.0309 1792 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:24:04.0312 1792 vga - ok
22:24:04.0332 1792 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:24:04.0334 1792 VgaSave - ok
22:24:04.0360 1792 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:24:04.0362 1792 viaide - ok
22:24:04.0383 1792 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:24:04.0385 1792 volmgr - ok
22:24:04.0438 1792 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:24:04.0538 1792 volmgrx - ok
22:24:04.0633 1792 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:24:04.0639 1792 volsnap - ok
22:24:04.0661 1792 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:24:04.0664 1792 vsmraid - ok
22:24:04.0763 1792 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
22:24:04.0797 1792 VSS - ok
22:24:04.0860 1792 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
22:24:04.0877 1792 W32Time - ok
22:24:04.0901 1792 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:24:04.0903 1792 WacomPen - ok
22:24:04.0969 1792 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:24:04.0972 1792 Wanarp - ok
22:24:04.0979 1792 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:24:04.0981 1792 Wanarpv6 - ok
22:24:05.0010 1792 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
22:24:05.0035 1792 wcncsvc - ok
22:24:05.0068 1792 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
22:24:05.0076 1792 WcsPlugInService - ok
22:24:05.0096 1792 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:24:05.0098 1792 Wd - ok
22:24:05.0143 1792 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:24:05.0166 1792 Wdf01000 - ok
22:24:05.0181 1792 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:24:05.0189 1792 WdiServiceHost - ok
22:24:05.0195 1792 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:24:05.0203 1792 WdiSystemHost - ok
22:24:05.0227 1792 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
22:24:05.0244 1792 WebClient - ok
22:24:05.0274 1792 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
22:24:05.0281 1792 Wecsvc - ok
22:24:05.0311 1792 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
22:24:05.0316 1792 wercplsupport - ok
22:24:05.0331 1792 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
22:24:05.0336 1792 WerSvc - ok
22:24:05.0355 1792 WinDefend - ok
22:24:05.0368 1792 WinHttpAutoProxySvc - ok
22:24:05.0456 1792 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
22:24:05.0460 1792 Winmgmt - ok
22:24:05.0542 1792 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
22:24:05.0631 1792 WinRM - ok
22:24:05.0759 1792 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
22:24:05.0801 1792 Wlansvc - ok
22:24:05.0898 1792 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:24:05.0949 1792 wlidsvc - ok
22:24:05.0996 1792 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:24:05.0998 1792 WmiAcpi - ok
22:24:06.0088 1792 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
22:24:06.0093 1792 wmiApSrv - ok
22:24:06.0119 1792 WMPNetworkSvc - ok
22:24:06.0153 1792 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
22:24:06.0170 1792 WPCSvc - ok
22:24:06.0228 1792 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
22:24:06.0238 1792 WPDBusEnum - ok
22:24:06.0286 1792 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:24:06.0289 1792 WpdUsb - ok
22:24:06.0460 1792 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:24:06.0485 1792 WPFFontCache_v0400 - ok
22:24:06.0511 1792 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:24:06.0513 1792 ws2ifsl - ok
22:24:06.0575 1792 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
22:24:06.0583 1792 wscsvc - ok
22:24:06.0593 1792 WSearch - ok
22:24:06.0708 1792 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
22:24:06.0875 1792 wuauserv - ok
22:24:06.0921 1792 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:24:06.0924 1792 WUDFRd - ok
22:24:06.0957 1792 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
22:24:06.0966 1792 wudfsvc - ok
22:24:07.0020 1792 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
22:24:07.0247 1792 \Device\Harddisk0\DR0 - ok
22:24:07.0253 1792 Boot (0x1200) (e664cbd17d6b6ff6a5ab1f65743dec42) \Device\Harddisk0\DR0\Partition0
22:24:07.0255 1792 \Device\Harddisk0\DR0\Partition0 - ok
22:24:07.0262 1792 Boot (0x1200) (a333881f031ab8ac8cbfc08cf6b530cf) \Device\Harddisk0\DR0\Partition1
22:24:07.0264 1792 \Device\Harddisk0\DR0\Partition1 - ok
22:24:07.0266 1792 ============================================================
22:24:07.0266 1792 Scan finished
22:24:07.0266 1792 ============================================================
22:24:07.0287 2960 Detected object count: 0
22:24:07.0287 2960 Actual detected object count: 0
22:24:31.0373 0768 ============================================================
22:24:31.0373 0768 Scan started
22:24:31.0373 0768 Mode: Manual;
22:24:31.0373 0768 ============================================================
22:24:36.0729 0768 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
22:24:36.0734 0768 iphlpsvc - ok
22:24:36.0744 0768 IpInIp - ok
22:24:36.0802 0768 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:24:36.0804 0768 IPMIDRV - ok
22:24:36.0819 0768 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:24:36.0822 0768 IPNAT - ok
22:24:36.0886 0768 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:24:36.0896 0768 iPod Service - ok
22:24:36.0914 0768 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:24:36.0915 0768 IRENUM - ok
22:24:36.0932 0768 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:24:36.0933 0768 isapnp - ok
22:24:36.0991 0768 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:24:36.0994 0768 iScsiPrt - ok
22:24:37.0013 0768 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:24:37.0014 0768 iteatapi - ok
22:24:37.0031 0768 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:24:37.0032 0768 iteraid - ok
22:24:37.0051 0768 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:24:37.0052 0768 kbdclass - ok
22:24:37.0097 0768 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
22:24:37.0098 0768 kbdhid - ok
22:24:37.0122 0768 KeyIso (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
22:24:37.0126 0768 KeyIso - ok
22:24:37.0161 0768 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
22:24:37.0168 0768 KSecDD - ok
22:24:37.0177 0768 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:24:37.0179 0768 ksthunk - ok
22:24:37.0212 0768 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
22:24:37.0220 0768 KtmRm - ok
22:24:37.0252 0768 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
22:24:37.0260 0768 LanmanServer - ok
22:24:37.0317 0768 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
22:24:37.0326 0768 LanmanWorkstation - ok
22:24:37.0370 0768 Lavasoft Kernexplorer - ok
22:24:37.0384 0768 Lbd - ok
22:24:37.0429 0768 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:24:37.0431 0768 LightScribeService - ok
22:24:37.0453 0768 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:24:37.0455 0768 lltdio - ok
22:24:37.0487 0768 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
22:24:37.0494 0768 lltdsvc - ok
22:24:37.0513 0768 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
22:24:37.0517 0768 lmhosts - ok
22:24:37.0588 0768 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:24:37.0591 0768 LSI_FC - ok
22:24:37.0615 0768 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:24:37.0617 0768 LSI_SAS - ok
22:24:37.0649 0768 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:24:37.0651 0768 LSI_SCSI - ok
22:24:37.0674 0768 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:24:37.0676 0768 luafv - ok
22:24:37.0708 0768 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
22:24:37.0712 0768 Mcx2Svc - ok
22:24:37.0753 0768 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:24:37.0754 0768 megasas - ok
22:24:37.0788 0768 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:24:37.0793 0768 MegaSR - ok
22:24:37.0867 0768 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:24:37.0869 0768 Microsoft Office Groove Audit Service - ok
22:24:37.0896 0768 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:24:37.0900 0768 MMCSS - ok
22:24:37.0919 0768 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:24:37.0921 0768 Modem - ok
22:24:37.0953 0768 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:24:37.0954 0768 monitor - ok
22:24:37.0969 0768 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:24:37.0970 0768 mouclass - ok
22:24:37.0981 0768 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:24:37.0983 0768 mouhid - ok
22:24:37.0993 0768 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:24:37.0995 0768 MountMgr - ok
22:24:38.0026 0768 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:24:38.0029 0768 mpio - ok
22:24:38.0059 0768 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:24:38.0061 0768 mpsdrv - ok
22:24:38.0127 0768 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
22:24:38.0137 0768 MpsSvc - ok
22:24:38.0163 0768 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:24:38.0164 0768 Mraid35x - ok
22:24:38.0218 0768 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:24:38.0220 0768 MRxDAV - ok
22:24:38.0278 0768 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:24:38.0281 0768 mrxsmb - ok
22:24:38.0339 0768 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:24:38.0342 0768 mrxsmb10 - ok
22:24:38.0372 0768 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:24:38.0375 0768 mrxsmb20 - ok
22:24:38.0410 0768 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
22:24:38.0412 0768 msahci - ok
22:24:38.0438 0768 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:24:38.0440 0768 msdsm - ok
22:24:38.0477 0768 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
22:24:38.0481 0768 MSDTC - ok
22:24:38.0523 0768 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:24:38.0525 0768 Msfs - ok
22:24:38.0538 0768 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:24:38.0539 0768 msisadrv - ok
22:24:38.0613 0768 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
22:24:38.0618 0768 MSiSCSI - ok
22:24:38.0630 0768 msiserver - ok
22:24:38.0654 0768 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:24:38.0655 0768 MSKSSRV - ok
22:24:38.0672 0768 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:24:38.0673 0768 MSPCLOCK - ok
22:24:38.0687 0768 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:24:38.0689 0768 MSPQM - ok
22:24:38.0747 0768 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:24:38.0751 0768 MsRPC - ok
22:24:38.0772 0768 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:24:38.0773 0768 mssmbios - ok
22:24:38.0789 0768 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:24:38.0791 0768 MSTEE - ok
22:24:38.0814 0768 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:24:38.0816 0768 Mup - ok
22:24:38.0868 0768 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
22:24:38.0878 0768 napagent - ok
22:24:38.0939 0768 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:24:38.0942 0768 NativeWifiP - ok
22:24:38.0999 0768 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:24:39.0008 0768 NDIS - ok
22:24:39.0017 0768 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:24:39.0019 0768 NdisTapi - ok
22:24:39.0031 0768 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:24:39.0032 0768 Ndisuio - ok
22:24:39.0086 0768 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:24:39.0089 0768 NdisWan - ok
22:24:39.0102 0768 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:24:39.0103 0768 NDProxy - ok
22:24:39.0120 0768 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:24:39.0122 0768 NetBIOS - ok
22:24:39.0144 0768 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:24:39.0147 0768 netbt - ok
22:24:39.0198 0768 Netlogon (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
22:24:39.0201 0768 Netlogon - ok
22:24:39.0239 0768 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
22:24:39.0247 0768 Netman - ok
22:24:39.0268 0768 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
22:24:39.0275 0768 netprofm - ok
22:24:39.0321 0768 netr7364 (b69d6bb680c85243af0263b3e01d5e77) C:\Windows\system32\DRIVERS\netr7364.sys
22:24:39.0329 0768 netr7364 - ok
22:24:39.0411 0768 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:24:39.0413 0768 NetTcpPortSharing - ok
22:24:39.0435 0768 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:24:39.0437 0768 nfrd960 - ok
22:24:39.0460 0768 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
22:24:39.0466 0768 NlaSvc - ok
22:24:39.0525 0768 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:24:39.0527 0768 Npfs - ok
22:24:39.0591 0768 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
22:24:39.0596 0768 nsi - ok
22:24:39.0622 0768 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:24:39.0624 0768 nsiproxy - ok
22:24:39.0717 0768 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:24:39.0735 0768 Ntfs - ok
22:24:39.0745 0768 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:24:39.0746 0768 Null - ok
22:24:39.0808 0768 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
22:24:39.0825 0768 NVENETFD - ok
22:24:40.0111 0768 nvlddmkm (1d135cc25b5ac1b9d2b6004d9de28df3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:24:40.0241 0768 nvlddmkm - ok
22:24:40.0261 0768 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:24:40.0262 0768 nvraid - ok
22:24:40.0279 0768 nvrd64 (011db85affd2368348181c552e025d98) C:\Windows\system32\drivers\nvrd64.sys
22:24:40.0280 0768 nvrd64 - ok
22:24:40.0308 0768 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
22:24:40.0309 0768 nvsmu - ok
22:24:40.0331 0768 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:24:40.0332 0768 nvstor - ok
22:24:40.0342 0768 nvstor64 (fa6d13aa972967eb46862d0f0372a65a) C:\Windows\system32\drivers\nvstor64.sys
22:24:40.0344 0768 nvstor64 - ok
22:24:40.0402 0768 nvsvc (9dfc3de793a130592a5a579d611d412e) C:\Windows\system32\nvvsvc.exe
22:24:40.0407 0768 nvsvc - ok
22:24:40.0439 0768 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:24:40.0441 0768 nv_agp - ok
22:24:40.0450 0768 NwlnkFlt - ok
22:24:40.0463 0768 NwlnkFwd - ok
22:24:40.0586 0768 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:24:40.0592 0768 odserv - ok
22:24:40.0688 0768 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:24:40.0690 0768 ohci1394 - ok
22:24:40.0708 0768 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:24:40.0710 0768 ose - ok
22:24:40.0794 0768 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:24:40.0808 0768 p2pimsvc - ok
22:24:40.0835 0768 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:24:40.0849 0768 p2psvc - ok
22:24:40.0871 0768 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:24:40.0873 0768 Parport - ok
22:24:40.0917 0768 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:24:40.0919 0768 partmgr - ok
22:24:40.0948 0768 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
22:24:40.0955 0768 PcaSvc - ok
22:24:40.0991 0768 PcdrNdisuio - ok
22:24:40.0999 0768 PCDSRVC{4942F9C0-0B403F17-06000000}_0 - ok
22:24:41.0021 0768 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:24:41.0024 0768 pci - ok
22:24:41.0040 0768 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
22:24:41.0041 0768 pciide - ok
22:24:41.0078 0768 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:24:41.0081 0768 pcmcia - ok
22:24:41.0121 0768 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:24:41.0130 0768 PEAUTH - ok
22:24:41.0166 0768 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
22:24:41.0170 0768 PerfHost - ok
22:24:41.0227 0768 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
22:24:41.0247 0768 pla - ok
22:24:41.0309 0768 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
22:24:41.0319 0768 PlugPlay - ok
22:24:41.0348 0768 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:24:41.0362 0768 PNRPAutoReg - ok
22:24:41.0381 0768 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:24:41.0395 0768 PNRPsvc - ok
22:24:41.0452 0768 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
22:24:41.0461 0768 PolicyAgent - ok
22:24:41.0520 0768 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:24:41.0522 0768 PptpMiniport - ok
22:24:41.0586 0768 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
22:24:41.0588 0768 Processor - ok
22:24:41.0639 0768 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
22:24:41.0647 0768 ProfSvc - ok
22:24:41.0706 0768 ProtectedStorage (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
22:24:41.0710 0768 ProtectedStorage - ok
22:24:41.0736 0768 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
22:24:41.0737 0768 Ps2 - ok
22:24:41.0793 0768 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:24:41.0795 0768 PSched - ok
22:24:41.0855 0768 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:24:41.0869 0768 ql2300 - ok
22:24:41.0910 0768 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:24:41.0912 0768 ql40xx - ok
22:24:41.0937 0768 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
22:24:41.0945 0768 QWAVE - ok
22:24:41.0966 0768 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:24:41.0967 0768 QWAVEdrv - ok
22:24:41.0982 0768 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:24:41.0983 0768 RasAcd - ok
22:24:41.0997 0768 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
22:24:42.0004 0768 RasAuto - ok
22:24:42.0023 0768 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:24:42.0026 0768 Rasl2tp - ok
22:24:42.0051 0768 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
22:24:42.0059 0768 RasMan - ok
22:24:42.0114 0768 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:24:42.0116 0768 RasPppoe - ok
22:24:42.0174 0768 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:24:42.0176 0768 RasSstp - ok
22:24:42.0238 0768 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:24:42.0242 0768 rdbss - ok
22:24:42.0260 0768 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:24:42.0262 0768 RDPCDD - ok
22:24:42.0294 0768 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:24:42.0298 0768 rdpdr - ok
22:24:42.0307 0768 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:24:42.0309 0768 RDPENCDD - ok
22:24:42.0337 0768 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:24:42.0340 0768 RDPWD - ok
22:24:42.0376 0768 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
22:24:42.0381 0768 RemoteAccess - ok
22:24:42.0431 0768 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
22:24:42.0439 0768 RemoteRegistry - ok
22:24:42.0471 0768 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
22:24:42.0474 0768 RpcLocator - ok
22:24:42.0544 0768 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
22:24:42.0558 0768 RpcSs - ok
22:24:42.0569 0768 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:24:42.0571 0768 rspndr - ok
22:24:42.0597 0768 SamSs (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
22:24:42.0601 0768 SamSs - ok
22:24:42.0687 0768 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
22:24:42.0691 0768 SbFw - ok
22:24:42.0727 0768 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:24:42.0729 0768 sbp2port - ok
22:24:42.0779 0768 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
22:24:42.0787 0768 SCardSvr - ok
22:24:42.0855 0768 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
22:24:42.0870 0768 Schedule - ok
22:24:42.0912 0768 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:24:42.0914 0768 SCPolicySvc - ok
22:24:42.0944 0768 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
22:24:42.0951 0768 SDRSVC - ok
22:24:42.0964 0768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:24:42.0966 0768 secdrv - ok
22:24:42.0982 0768 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
22:24:42.0988 0768 seclogon - ok
22:24:43.0007 0768 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
22:24:43.0014 0768 SENS - ok
22:24:43.0039 0768 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:24:43.0040 0768 Serenum - ok
22:24:43.0072 0768 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:24:43.0074 0768 Serial - ok
22:24:43.0114 0768 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:24:43.0116 0768 sermouse - ok
22:24:43.0147 0768 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
22:24:43.0153 0768 SessionEnv - ok
22:24:43.0173 0768 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:24:43.0175 0768 sffdisk - ok
22:24:43.0196 0768 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:24:43.0197 0768 sffp_mmc - ok
22:24:43.0215 0768 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:24:43.0217 0768 sffp_sd - ok
22:24:43.0238 0768 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:24:43.0239 0768 sfloppy - ok
22:24:43.0271 0768 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
22:24:43.0278 0768 SharedAccess - ok
22:24:43.0354 0768 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
22:24:43.0363 0768 ShellHWDetection - ok
22:24:43.0381 0768 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:24:43.0383 0768 SiSRaid2 - ok
22:24:43.0414 0768 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:24:43.0416 0768 SiSRaid4 - ok
22:24:43.0509 0768 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
22:24:43.0542 0768 slsvc - ok
22:24:43.0610 0768 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
22:24:43.0617 0768 SLUINotify - ok
22:24:43.0673 0768 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:24:43.0674 0768 Smb - ok
22:24:43.0692 0768 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
22:24:43.0698 0768 SNMPTRAP - ok
22:24:43.0797 0768 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
22:24:43.0799 0768 Sony PC Companion - ok
22:24:43.0856 0768 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:24:43.0858 0768 spldr - ok
22:24:43.0892 0768 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
22:24:43.0901 0768 Spooler - ok
22:24:43.0977 0768 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
22:24:43.0987 0768 sptd - ok
22:24:44.0036 0768 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:24:44.0042 0768 srv - ok
22:24:44.0061 0768 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:24:44.0064 0768 srv2 - ok
22:24:44.0080 0768 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:24:44.0083 0768 srvnet - ok
22:24:44.0101 0768 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
22:24:44.0109 0768 SSDPSRV - ok
22:24:44.0124 0768 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
22:24:44.0131 0768 SstpSvc - ok
22:24:44.0196 0768 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
22:24:44.0209 0768 stisvc - ok
22:24:44.0231 0768 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:24:44.0233 0768 swenum - ok
22:24:44.0302 0768 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
22:24:44.0313 0768 swprv - ok
22:24:44.0334 0768 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:24:44.0336 0768 Symc8xx - ok
22:24:44.0357 0768 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:24:44.0359 0768 Sym_hi - ok
22:24:44.0380 0768 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:24:44.0381 0768 Sym_u3 - ok
22:24:44.0445 0768 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
22:24:44.0461 0768 SysMain - ok
22:24:44.0492 0768 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
22:24:44.0500 0768 TabletInputService - ok
22:24:44.0553 0768 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
22:24:44.0563 0768 TapiSrv - ok
22:24:44.0634 0768 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
22:24:44.0642 0768 TBS - ok
22:24:44.0736 0768 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
22:24:44.0753 0768 Tcpip - ok
22:24:44.0794 0768 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
22:24:44.0810 0768 Tcpip6 - ok
22:24:44.0865 0768 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:24:44.0867 0768 tcpipreg - ok
22:24:44.0884 0768 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:24:44.0886 0768 TDPIPE - ok
22:24:44.0907 0768 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:24:44.0909 0768 TDTCP - ok
22:24:44.0960 0768 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:24:44.0962 0768 tdx - ok
22:24:45.0009 0768 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:24:45.0011 0768 TermDD - ok
22:24:45.0073 0768 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
22:24:45.0085 0768 TermService - ok
22:24:45.0163 0768 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
22:24:45.0172 0768 Themes - ok
22:24:45.0196 0768 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:24:45.0201 0768 THREADORDER - ok
22:24:45.0220 0768 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
22:24:45.0227 0768 TrkWks - ok
22:24:45.0290 0768 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
22:24:45.0291 0768 TrustedInstaller - ok
22:24:45.0318 0768 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:24:45.0320 0768 tssecsrv - ok
22:24:45.0346 0768 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:24:45.0347 0768 tunmp - ok
22:24:45.0407 0768 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:24:45.0409 0768 tunnel - ok
22:24:45.0429 0768 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:24:45.0431 0768 uagp35 - ok
22:24:45.0483 0768 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:24:45.0487 0768 udfs - ok
22:24:45.0517 0768 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
22:24:45.0524 0768 UI0Detect - ok
22:24:45.0551 0768 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:24:45.0553 0768 uliagpkx - ok
22:24:45.0577 0768 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:24:45.0581 0768 uliahci - ok
22:24:45.0594 0768 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:24:45.0597 0768 UlSata - ok
22:24:45.0643 0768 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:24:45.0646 0768 ulsata2 - ok
22:24:45.0674 0768 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:24:45.0675 0768 umbus - ok
22:24:45.0715 0768 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
22:24:45.0726 0768 upnphost - ok
22:24:45.0784 0768 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:24:45.0785 0768 USBAAPL64 - ok
22:24:45.0813 0768 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:24:45.0815 0768 usbccgp - ok
22:24:45.0826 0768 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:24:45.0828 0768 usbcir - ok
22:24:45.0853 0768 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:24:45.0855 0768 usbehci - ok
22:24:45.0917 0768 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:24:45.0921 0768 usbhub - ok
22:24:45.0950 0768 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
22:24:45.0951 0768 usbohci - ok
22:24:45.0992 0768 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
22:24:45.0993 0768 usbprint - ok
22:24:46.0014 0768 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:24:46.0016 0768 USBSTOR - ok
22:24:46.0039 0768 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:24:46.0041 0768 usbuhci - ok
22:24:46.0083 0768 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
22:24:46.0090 0768 UxSms - ok
22:24:48.0524 0768 ============================================================
22:24:48.0524 0768 Scan finished
22:24:48.0524 0768 ============================================================
22:24:48.0541 1936 Detected object count: 0
22:24:48.0542 1936 Actual detected object count: 0

Edited by chris744, 13 April 2012 - 09:33 PM.


#8 chris744


Posted 13 April 2012 - 09:33 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 22:26:25
-----------------------------
22:26:25.968 OS Version: Windows x64 6.0.6002 Service Pack 2
22:26:25.968 Number of processors: 4 586 0x203
22:26:25.969 ComputerName: NAMTAU-PC UserName: Chris
22:26:27.939 Initialize success
22:26:30.745 AVAST engine defs: 12040801
22:26:50.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
22:26:50.712 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
22:26:50.732 Disk 0 MBR read successfully
22:26:50.736 Disk 0 MBR scan
22:26:50.740 Disk 0 unknown MBR code
22:26:50.744 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 597009 MB offset 63
22:26:50.786 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13468 MB offset 1222675020
22:26:50.840 Disk 0 scanning C:\Windows\system32\drivers
22:26:58.427 Service scanning
22:27:12.924 Modules scanning
22:27:12.934 Disk 0 trace - called modules:
22:27:12.947 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
22:27:12.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006360790]
22:27:12.960 3 CLASSPNP.SYS[fffffa600079bc33] -> nt!IofCallDriver -> [0xfffffa8005e13e40]
22:27:12.967 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8005e0d9e0]
22:27:14.429 AVAST engine scan C:\Windows
22:27:18.371 AVAST engine scan C:\Windows\system32
22:29:36.150 AVAST engine scan C:\Windows\system32\drivers
22:29:47.291 AVAST engine scan C:\Users\Chris
22:30:15.672 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
22:30:15.680 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team

Posted 13 April 2012 - 09:39 PM

Hello Chris


I would like you to tell me which browsers are redirecting. Please check all that are installed and let me know which ones are redirecting and which ones are not.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 chris744


Posted 13 April 2012 - 09:45 PM

Gringo,
Firefox, Chrome and IE are redirecting. Safari isn't redirecting.

Chris

#11 gringo_pr


Posted 13 April 2012 - 09:54 PM

Hello Chris


Let's try something


I want you to uninstall Firefox, and if asked about user data or settings then remove them also. Reinstall Firefox and check if it is still redirecting.



gringo

#12 chris744


Posted 13 April 2012 - 10:06 PM

Gringo,

After reinstalling Firefox, it seems not to be redirecting. But the problem is still the same with Chrome.

#13 gringo_pr


Posted 13 April 2012 - 10:09 PM

Hello


Very good, now let's do the same with Chrome.


For IE I want you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


gringo

#14 chris744


Posted 13 April 2012 - 10:19 PM

Gringo,

All the browsers are no longer redirecting. YEAH!!!! Thank you very much!!!

#15 gringo_pr


Posted 13 April 2012 - 10:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




