
Trojan Dropper PE4 & Rootkit


  • This topic is locked
12 replies to this topic

#1 fantasygirl007

fantasygirl007

  • Members
  • 6 posts

Posted 01 June 2012 - 01:21 AM

I have a Windows Vista. My computer started becoming very slow a few days ago, and any programs I opened (e.g. Mozilla Firefox, Google Chrome, any of my folders) would freeze until I restarted the computer. I went into Safe Mode (the only mode in which my computer can function) and ran Malwarebytes Scan, where it picked up several Rootkit viruses and some Trojan Dropper PE.4 viruses. However, the problem didn't go away after the virus scan and when I ran the virus scan again, the scan was clean.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_21
Run by Alice at 18:48:38 on 2012-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3036.2410 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Alice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Alice\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?rls=ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v13\ATLIECP.DLL
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v13\ATLIECP.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IPEVO Control Center] c:\program files\ipevo\control center\IPEVO Control Center.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [Facebook Update] "c:\users\alice\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HControlUser] "c:\program files\asus\atk hotkey\HControlUser.exe"
mRun: [ATKOSD2] "c:\program files\asus\atkosd2\ATKOSD2.exe"
mRun: [ATKMEDIA] "c:\program files\asus\atk media\DMedia.exe"
mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtHDVCpl.exe"
mRun: [ETDWare] "c:\program files\elantech\ETDCtrl.exe"
mRun: [AmIcoSinglun] "c:\program files\amicosinglun\AmIcoSinglun.exe"
mRun: [ASUS Screen Saver Protector] "c:\windows\AsScrPro.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SpySweeper] c:\program files\webroot\webrootsecurity\SpySweeperUI.exe /startintray
StartupFolder: c:\users\alice\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\alice\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{60d6618b-153f-4353-8185-908e676e5888}\_DCE9A4DB2A5F2786140FA3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\srspre~1.lnk - c:\windows\installer\{d42f84b6-3709-4a50-8502-6719d16ae6c8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v13\Atlscript.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: vizzed.com\www
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} - hxxps://trade.tsc.com.tw/ebroker/axekey.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BAA4A5E7-F0FB-48E3-9EA3-9FFAD951D906} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alice\appdata\roaming\mozilla\firefox\profiles\1g497r6r.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\alice\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\alice\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\alice\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\alice\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\alice\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-25 233024]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-8-15 101128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-8-15 1205760]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-6-11 90624]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-6-21 50176]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-3 4232704]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-9 28552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 257696]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-26 29736]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-3-7 6656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-3 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-4 112640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 SNXUAAAF;Sonix USB Audio Lower Filter Driver;c:\windows\system32\drivers\SNXUAAAF.sys [2009-9-7 14269]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-31 23:34:58 607260 ------r- c:\users\alice\dds.scr
2012-05-31 23:34:09 50477 ----a-w- c:\users\alice\Defogger.exe
2012-05-31 23:10:12 -------- d-s---w- C:\ComboFix
2012-05-31 22:59:28 -------- d-----w- c:\users\alice\appdata\local\temp
2012-05-31 22:58:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-31 04:02:08 98816 ----a-w- c:\windows\sed.exe
2012-05-31 04:02:08 518144 ----a-w- c:\windows\SWREG.exe
2012-05-31 04:02:08 256000 ----a-w- c:\windows\PEV.exe
2012-05-31 04:02:08 208896 ----a-w- c:\windows\MBR.exe
2012-05-28 21:54:33 -------- d-----w- C:\found.000
2012-05-19 19:28:20 -------- d-----w- c:\program files\iPod
2012-05-19 19:28:15 -------- d-----w- c:\program files\iTunes
2012-05-19 17:28:31 -------- d-----w- c:\program files\Bonjour
2012-05-19 16:55:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-19 16:52:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-18 06:32:58 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{56603db8-5ee9-47c0-8658-eb9495c4d7a1}\mpengine.dll
2012-05-15 19:50:17 -------- d-----w- c:\users\alice\appdata\roaming\Smartsims
2012-05-03 17:18:14 -------- d-----w- c:\program files\Smartsims
.
==================== Find3M ====================
.
2012-05-19 17:43:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:52:41.69 ===============



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 June 2012 - 08:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 fantasygirl007

fantasygirl007
  • Topic Starter

  • Members
  • 6 posts

Posted 05 June 2012 - 11:22 AM

Here is the tdsskiller log:

10:34:11.0533 1828 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:34:11.0907 1828 ============================================================
10:34:11.0907 1828 Current date / time: 2012/06/05 10:34:11.0907
10:34:11.0907 1828 SystemInfo:
10:34:11.0907 1828
10:34:11.0907 1828 OS Version: 6.0.6001 ServicePack: 1.0
10:34:11.0907 1828 Product type: Workstation
10:34:11.0907 1828 ComputerName: CUPCAKE
10:34:11.0907 1828 UserName: Alice
10:34:11.0907 1828 Windows directory: C:\Windows
10:34:11.0907 1828 System windows directory: C:\Windows
10:34:11.0907 1828 Processor architecture: Intel x86
10:34:11.0907 1828 Number of processors: 1
10:34:11.0907 1828 Page size: 0x1000
10:34:11.0907 1828 Boot type: Normal boot
10:34:11.0907 1828 ============================================================
10:34:12.0453 1828 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:34:12.0453 1828 ============================================================
10:34:12.0453 1828 \Device\Harddisk0\DR0:
10:34:12.0453 1828 MBR partitions:
10:34:12.0453 1828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
10:34:12.0469 1828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
10:34:12.0469 1828 ============================================================
10:34:12.0531 1828 C: <-> \Device\Harddisk0\DR0\Partition0
10:34:12.0609 1828 D: <-> \Device\Harddisk0\DR0\Partition1
10:34:12.0609 1828 ============================================================
10:34:12.0609 1828 Initialize success
10:34:12.0609 1828 ============================================================
10:34:18.0709 2752 ============================================================
10:34:18.0709 2752 Scan started
10:34:18.0709 2752 Mode: Manual;
10:34:18.0709 2752 ============================================================
10:34:54.0464 2752 gusvc - ok
10:34:55.0852 2752 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:34:56.0195 2752 HdAudAddService - ok
10:34:56.0882 2752 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:34:56.0882 2752 HDAudBus - ok
10:34:57.0771 2752 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:34:57.0943 2752 HidBth - ok
10:34:58.0535 2752 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:34:58.0629 2752 HidIr - ok
10:34:59.0191 2752 hidserv (53d5a2f9ce6ae47d7507727df1da79f8) C:\Windows\System32\hidserv.dll
10:34:59.0222 2752 hidserv - ok
10:34:59.0393 2752 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
10:34:59.0425 2752 HidUsb - ok
10:34:59.0986 2752 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:35:00.0080 2752 hkmsvc - ok
10:35:00.0376 2752 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:35:00.0501 2752 HpCISSs - ok
10:35:02.0888 2752 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:35:02.0981 2752 hpqcxs08 - ok
10:35:06.0133 2752 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:35:06.0351 2752 hpqddsvc - ok
10:35:19.0720 2752 HPSLPSVC (568e44f6dcfa173f3670172b69379891) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:35:20.0297 2752 HPSLPSVC - ok
10:35:25.0742 2752 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
10:35:26.0038 2752 HTTP - ok
10:35:26.0381 2752 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:35:26.0428 2752 i2omp - ok
10:35:27.0286 2752 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:35:27.0333 2752 i8042prt - ok
10:35:28.0612 2752 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
10:35:28.0628 2752 iaStor - ok
10:35:29.0205 2752 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:35:29.0377 2752 iaStorV - ok
10:35:35.0554 2752 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:35:35.0960 2752 idsvc - ok
10:35:56.0021 2752 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:35:56.0333 2752 igfx - ok
10:35:56.0599 2752 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:35:56.0614 2752 iirsp - ok
10:35:56.0817 2752 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
10:35:56.0833 2752 IKEEXT - ok
10:35:57.0301 2752 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
10:35:57.0379 2752 IntcAzAudAddService - ok
10:35:57.0722 2752 IntcHdmiAddService (362b19109f9b6f68c8e2a35efc9144a0) C:\Windows\system32\drivers\IntcHdmi.sys
10:35:57.0722 2752 IntcHdmiAddService - ok
10:35:58.0237 2752 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:35:58.0361 2752 intelide - ok
10:35:59.0095 2752 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:35:59.0095 2752 intelppm - ok
10:36:00.0499 2752 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:36:00.0686 2752 IPBusEnum - ok
10:36:01.0263 2752 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:36:01.0310 2752 IpFilterDriver - ok
10:36:05.0475 2752 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
10:36:05.0537 2752 iphlpsvc - ok
10:36:05.0553 2752 IpInIp - ok
10:36:06.0302 2752 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:36:06.0349 2752 IPMIDRV - ok
10:36:07.0097 2752 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:36:07.0191 2752 IPNAT - ok
10:36:19.0531 2752 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:36:19.0811 2752 iPod Service - ok
10:36:20.0045 2752 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:36:20.0045 2752 IRENUM - ok
10:36:21.0028 2752 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:36:21.0215 2752 isapnp - ok
10:36:24.0367 2752 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
10:36:24.0367 2752 iScsiPrt - ok
10:36:24.0788 2752 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:36:24.0850 2752 iteatapi - ok
10:36:25.0474 2752 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:36:25.0568 2752 iteraid - ok
10:36:26.0051 2752 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:36:26.0051 2752 kbdclass - ok
10:36:26.0270 2752 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
10:36:26.0317 2752 kbdhid - ok
10:36:26.0629 2752 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\Windows\system32\DRIVERS\kbfiltr.sys
10:36:26.0629 2752 kbfiltr - ok
10:36:26.0816 2752 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:36:26.0816 2752 KeyIso - ok
10:36:30.0435 2752 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
10:36:30.0529 2752 KSecDD - ok
10:36:33.0742 2752 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:36:34.0023 2752 KtmRm - ok
10:36:34.0725 2752 L1C (1c2af919fde8ed307135b6487af4d7f8) C:\Windows\system32\DRIVERS\L1C60x86.sys
10:36:34.0772 2752 L1C - ok
10:36:35.0115 2752 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
10:36:35.0146 2752 LanmanServer - ok
10:36:37.0065 2752 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
10:36:37.0205 2752 LanmanWorkstation - ok
10:36:38.0344 2752 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:36:38.0344 2752 LightScribeService - ok
10:36:39.0062 2752 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:36:39.0109 2752 lltdio - ok
10:36:40.0856 2752 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:36:41.0074 2752 lltdsvc - ok
10:36:41.0620 2752 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:36:41.0761 2752 lmhosts - ok
10:36:42.0665 2752 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:36:42.0697 2752 LSI_FC - ok
10:36:42.0962 2752 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:36:43.0149 2752 LSI_SAS - ok
10:36:44.0553 2752 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:36:44.0647 2752 LSI_SCSI - ok
10:36:45.0115 2752 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:36:45.0177 2752 luafv - ok
10:36:47.0876 2752 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
10:36:47.0923 2752 McComponentHostService - ok
10:36:48.0687 2752 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:36:48.0734 2752 Mcx2Svc - ok
10:36:49.0483 2752 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:36:50.0871 2752 megasas - ok
10:36:56.0300 2752 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:36:56.0737 2752 MegaSR - ok
10:36:57.0002 2752 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:36:57.0017 2752 MMCSS - ok
10:36:57.0423 2752 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:36:57.0470 2752 Modem - ok
10:36:58.0031 2752 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:36:58.0031 2752 monitor - ok
10:36:58.0577 2752 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:36:58.0577 2752 mouclass - ok
10:36:58.0858 2752 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:36:58.0905 2752 mouhid - ok
10:36:59.0763 2752 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:36:59.0763 2752 MountMgr - ok
10:37:01.0136 2752 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:37:01.0229 2752 MozillaMaintenance - ok
10:37:01.0370 2752 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:37:01.0385 2752 mpio - ok
10:37:01.0463 2752 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:37:01.0479 2752 mpsdrv - ok
10:37:01.0635 2752 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:37:01.0744 2752 Mraid35x - ok
10:37:01.0978 2752 MREMPR5 - ok
10:37:01.0994 2752 MRENDIS5 - ok
10:37:02.0025 2752 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
10:37:02.0041 2752 MRxDAV - ok
10:37:02.0306 2752 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:37:02.0306 2752 mrxsmb - ok
10:37:02.0509 2752 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:37:02.0509 2752 mrxsmb10 - ok
10:37:02.0758 2752 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:37:02.0758 2752 mrxsmb20 - ok
10:37:02.0977 2752 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:37:02.0977 2752 msahci - ok
10:37:03.0070 2752 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:37:03.0070 2752 msdsm - ok
10:37:03.0179 2752 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:37:03.0195 2752 MSDTC - ok
10:37:03.0320 2752 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:37:03.0320 2752 Msfs - ok
10:37:03.0398 2752 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:37:03.0398 2752 msisadrv - ok
10:37:03.0507 2752 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:37:03.0523 2752 MSiSCSI - ok
10:37:03.0554 2752 msiserver - ok
10:37:03.0632 2752 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:37:03.0632 2752 MSKSSRV - ok
10:37:03.0694 2752 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:37:03.0694 2752 MSPCLOCK - ok
10:37:03.0757 2752 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:37:03.0757 2752 MSPQM - ok
10:37:03.0819 2752 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
10:37:03.0866 2752 MsRPC - ok
10:37:03.0991 2752 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:37:03.0991 2752 mssmbios - ok
10:37:04.0037 2752 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:37:04.0037 2752 MSTEE - ok
10:37:04.0178 2752 MTsensor (bb16693616427eac1a436e106ea8d318) C:\Windows\system32\DRIVERS\ATKACPI.sys
10:37:04.0178 2752 MTsensor - ok
10:37:04.0412 2752 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
10:37:04.0412 2752 Mup - ok
10:37:04.0552 2752 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
10:37:04.0568 2752 napagent - ok
10:37:04.0739 2752 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
10:37:04.0739 2752 NativeWifiP - ok
10:37:04.0802 2752 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
10:37:04.0833 2752 NDIS - ok
10:37:04.0927 2752 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:37:04.0927 2752 NdisTapi - ok
10:37:04.0973 2752 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:37:04.0989 2752 Ndisuio - ok
10:37:07.0017 2752 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
10:37:07.0079 2752 NdisWan - ok
10:37:07.0142 2752 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:37:07.0189 2752 NDProxy - ok
10:37:07.0750 2752 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
10:37:07.0797 2752 Net Driver HPZ12 - ok
10:37:08.0281 2752 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:37:08.0327 2752 NetBIOS - ok
10:37:09.0747 2752 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
10:37:09.0887 2752 netbt - ok
10:37:10.0075 2752 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:37:10.0075 2752 Netlogon - ok
10:37:14.0053 2752 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:37:14.0287 2752 Netman - ok
10:37:15.0956 2752 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:37:15.0956 2752 netprofm - ok
10:37:17.0953 2752 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:37:17.0968 2752 NetTcpPortSharing - ok
10:37:46.0142 2752 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
10:37:46.0251 2752 NETw5v32 - ok
10:37:46.0516 2752 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:37:46.0516 2752 nfrd960 - ok
10:37:46.0625 2752 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:37:46.0641 2752 NlaSvc - ok
10:37:46.0735 2752 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
10:37:46.0735 2752 Npfs - ok
10:37:46.0828 2752 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:37:46.0828 2752 nsi - ok
10:37:46.0875 2752 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:37:46.0891 2752 nsiproxy - ok
10:37:47.0031 2752 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
10:37:47.0062 2752 Ntfs - ok
10:37:47.0140 2752 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:37:47.0140 2752 ntrigdigi - ok
10:37:47.0249 2752 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:37:47.0249 2752 Null - ok
10:37:47.0327 2752 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:37:47.0327 2752 nvraid - ok
10:37:47.0390 2752 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:37:47.0390 2752 nvstor - ok
10:37:47.0483 2752 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:37:47.0483 2752 nv_agp - ok
10:37:47.0530 2752 NwlnkFlt - ok
10:37:47.0546 2752 NwlnkFwd - ok
10:37:47.0686 2752 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:37:47.0733 2752 odserv - ok
10:37:47.0827 2752 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
10:37:47.0842 2752 ohci1394 - ok
10:37:47.0920 2752 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:37:47.0936 2752 ose - ok
10:37:48.0061 2752 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:37:48.0092 2752 p2pimsvc - ok
10:37:48.0139 2752 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:37:48.0154 2752 p2psvc - ok
10:37:48.0263 2752 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:37:48.0263 2752 Parport - ok
10:37:48.0326 2752 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
10:37:48.0326 2752 partmgr - ok
10:37:48.0419 2752 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:37:48.0419 2752 Parvdm - ok
10:37:48.0560 2752 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
10:37:48.0560 2752 pavboot - ok
10:37:48.0685 2752 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:37:48.0685 2752 PcaSvc - ok
10:37:48.0809 2752 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
10:37:48.0809 2752 pci - ok
10:37:48.0903 2752 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:37:48.0903 2752 pciide - ok
10:37:49.0012 2752 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:37:49.0012 2752 pcmcia - ok
10:37:49.0168 2752 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:37:49.0199 2752 PEAUTH - ok
10:37:49.0387 2752 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:37:49.0433 2752 pla - ok
10:37:49.0621 2752 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
10:37:49.0621 2752 PlugPlay - ok
10:37:49.0714 2752 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
10:37:49.0714 2752 Pml Driver HPZ12 - ok
10:37:49.0839 2752 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:37:49.0855 2752 PNRPAutoReg - ok
10:37:49.0886 2752 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:37:49.0948 2752 PNRPsvc - ok
10:37:50.0026 2752 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
10:37:50.0057 2752 PolicyAgent - ok
10:37:50.0167 2752 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:37:50.0167 2752 PptpMiniport - ok
10:37:50.0276 2752 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:37:50.0276 2752 Processor - ok
10:37:50.0369 2752 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
10:37:50.0385 2752 ProfSvc - ok
10:37:50.0463 2752 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:37:50.0479 2752 ProtectedStorage - ok
10:37:50.0603 2752 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
10:37:50.0619 2752 PSched - ok
10:37:50.0697 2752 pwipf6 (f36574577dd24bfb9c7fa4c2e2edc4db) C:\Windows\system32\DRIVERS\pwipf6.sys
10:37:50.0697 2752 pwipf6 - ok
10:37:50.0837 2752 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:37:50.0884 2752 ql2300 - ok
10:37:50.0915 2752 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:37:50.0931 2752 ql40xx - ok
10:37:51.0118 2752 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:37:51.0149 2752 QWAVE - ok
10:37:51.0259 2752 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:37:51.0259 2752 QWAVEdrv - ok
10:37:51.0399 2752 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:37:51.0399 2752 RasAcd - ok
10:37:51.0524 2752 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:37:51.0524 2752 RasAuto - ok
10:37:51.0586 2752 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:51.0586 2752 Rasl2tp - ok
10:37:51.0727 2752 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
10:37:51.0727 2752 RasMan - ok
10:37:51.0820 2752 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:51.0820 2752 RasPppoe - ok
10:37:51.0914 2752 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
10:37:51.0914 2752 RasSstp - ok
10:37:51.0976 2752 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
10:37:51.0992 2752 rdbss - ok
10:37:52.0070 2752 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:52.0070 2752 RDPCDD - ok
10:37:52.0179 2752 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:37:52.0179 2752 rdpdr - ok
10:37:52.0273 2752 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:37:52.0273 2752 RDPENCDD - ok
10:37:52.0397 2752 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
10:37:52.0397 2752 RDPWD - ok
10:37:52.0522 2752 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:37:52.0538 2752 RemoteAccess - ok
10:37:52.0631 2752 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
10:37:52.0647 2752 RemoteRegistry - ok
10:37:52.0725 2752 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
10:37:52.0725 2752 RFCOMM - ok
10:37:52.0819 2752 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:37:52.0819 2752 RpcLocator - ok
10:37:52.0943 2752 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
10:37:52.0975 2752 RpcSs - ok
10:37:53.0037 2752 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:37:53.0037 2752 rspndr - ok
10:37:53.0131 2752 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:37:53.0131 2752 SamSs - ok
10:37:53.0240 2752 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:37:53.0240 2752 sbp2port - ok
10:37:53.0365 2752 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
10:37:53.0365 2752 SCardSvr - ok
10:37:53.0458 2752 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
10:37:53.0489 2752 Schedule - ok
10:37:53.0599 2752 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
10:37:53.0599 2752 SCPolicySvc - ok
10:37:53.0723 2752 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
10:37:53.0739 2752 sdbus - ok
10:37:53.0817 2752 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:37:53.0833 2752 SDRSVC - ok
10:37:53.0879 2752 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:37:53.0879 2752 secdrv - ok
10:37:53.0973 2752 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:37:53.0989 2752 seclogon - ok
10:37:54.0067 2752 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
10:37:54.0082 2752 SENS - ok
10:37:54.0129 2752 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:37:54.0145 2752 Serenum - ok
10:37:54.0207 2752 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:37:54.0207 2752 Serial - ok
10:37:54.0301 2752 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:37:54.0316 2752 sermouse - ok
10:37:54.0425 2752 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:37:54.0441 2752 SessionEnv - ok
10:37:54.0519 2752 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:37:54.0519 2752 sffdisk - ok
10:37:54.0613 2752 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:37:54.0613 2752 sffp_mmc - ok
10:37:54.0675 2752 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:37:54.0675 2752 sffp_sd - ok
10:37:54.0784 2752 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:37:54.0815 2752 sfloppy - ok
10:37:54.0909 2752 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:37:54.0909 2752 SharedAccess - ok
10:37:55.0003 2752 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
10:37:55.0018 2752 ShellHWDetection - ok
10:37:55.0081 2752 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:37:55.0096 2752 sisagp - ok
10:37:55.0159 2752 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:37:55.0159 2752 SiSRaid2 - ok
10:37:55.0252 2752 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:37:55.0252 2752 SiSRaid4 - ok
10:37:55.0502 2752 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
10:37:55.0533 2752 slsvc - ok
10:37:55.0767 2752 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
10:37:55.0783 2752 SLUINotify - ok
10:37:55.0861 2752 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
10:37:55.0861 2752 Smb - ok
10:37:56.0001 2752 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
10:37:56.0032 2752 smserial - ok
10:37:56.0173 2752 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:37:56.0173 2752 SNMPTRAP - ok
10:37:56.0391 2752 SNP2UVC (39fd0b63712bad55583f97d41936a07c) C:\Windows\system32\DRIVERS\snp2uvc.sys
10:37:56.0438 2752 SNP2UVC - ok
10:37:56.0609 2752 SNXUAAAF (7abebb54375bd607e0867989f8b87529) C:\Windows\system32\DRIVERS\SNXUAAAF.sys
10:37:56.0609 2752 SNXUAAAF - ok
10:37:56.0703 2752 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:37:56.0703 2752 spldr - ok
10:37:56.0797 2752 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
10:37:56.0797 2752 Spooler - ok
10:37:56.0953 2752 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
10:37:56.0953 2752 srv - ok
10:37:57.0077 2752 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
10:37:57.0077 2752 srv2 - ok
10:37:57.0187 2752 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
10:37:57.0187 2752 srvnet - ok
10:37:57.0280 2752 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:37:57.0311 2752 SSDPSRV - ok
10:37:57.0405 2752 ssfs0bbc (4479aeb7ec022b75f882c167fe2a7a34) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
10:37:57.0405 2752 ssfs0bbc - ok
10:37:57.0499 2752 sshrmd (58154d7f69a1322d9bd885e2e61cf152) C:\Windows\system32\DRIVERS\sshrmd.sys
10:37:57.0499 2752 sshrmd - ok
10:37:57.0561 2752 ssidrv (e971eee20b8083e57b5529aea065ec51) C:\Windows\system32\DRIVERS\ssidrv.sys
10:37:57.0561 2752 ssidrv - ok
10:37:57.0623 2752 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:37:57.0623 2752 SstpSvc - ok
10:37:57.0717 2752 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
10:37:57.0733 2752 stisvc - ok
10:37:57.0764 2752 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:37:57.0764 2752 swenum - ok
10:37:57.0811 2752 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
10:37:57.0826 2752 swprv - ok
10:37:57.0857 2752 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:37:57.0857 2752 Symc8xx - ok
10:37:57.0873 2752 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:37:57.0873 2752 Sym_hi - ok
10:37:57.0889 2752 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:37:57.0889 2752 Sym_u3 - ok
10:37:57.0935 2752 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
10:37:57.0951 2752 SysMain - ok
10:37:58.0076 2752 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:37:58.0076 2752 TabletInputService - ok
10:37:58.0201 2752 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
10:37:58.0216 2752 TapiSrv - ok
10:37:58.0310 2752 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:37:58.0325 2752 TBS - ok
10:37:58.0450 2752 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
10:38:11.0993 2752 ============================================================
10:38:11.0993 2752 Scan finished
10:38:11.0993 2752 ============================================================
10:38:12.0009 1228 Detected object count: 0
10:38:12.0009 1228 Actual detected object count: 0

Here is the aswMBR scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 10:50:13
-----------------------------
10:50:13.318 OS Version: Windows 6.0.6001 Service Pack 1
10:50:13.318 Number of processors: 1 586 0x170A
10:50:13.318 ComputerName: CUPCAKE UserName: Alice
10:50:30.384 Initialize success
10:52:01.457 AVAST engine defs: 12060500
10:52:47.352 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:52:47.352 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
10:52:47.383 Disk 0 MBR read successfully
10:52:47.383 Disk 0 MBR scan
10:52:47.399 Disk 0 unknown MBR code
10:52:47.399 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
10:52:47.415 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 24579450
10:52:47.415 Disk 0 Partition - 00 0F Extended LBA 140623 MB offset 337140090
10:52:47.446 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140623 MB offset 337140153
10:52:47.446 Disk 0 scanning sectors +625137345
10:52:47.539 Disk 0 scanning C:\Windows\system32\drivers
10:52:59.817 Service scanning
10:53:29.410 Modules scanning
10:53:41.024 Disk 0 trace - called modules:
10:53:41.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
10:53:41.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866b9ac8]
10:53:41.047 3 CLASSPNP.SYS[8aba3745] -> nt!IofCallDriver -> [0x86278c60]
10:53:41.047 5 acpi.sys[806a06a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8533a028]
10:53:43.476 AVAST engine scan C:\Windows
10:53:50.772 AVAST engine scan C:\Windows\system32
10:58:27.698 AVAST engine scan C:\Windows\system32\drivers
10:58:42.583 AVAST engine scan C:\Users\Alice
11:14:22.092 AVAST engine scan C:\ProgramData
11:17:39.288 Scan finished successfully
11:18:02.215 Disk 0 MBR has been saved successfully to "C:\Users\Alice\Desktop\MBR.dat"
11:18:02.215 The log file has been saved successfully to "C:\Users\Alice\Desktop\aswMBR.txt"


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 PM

Posted 05 June 2012 - 01:22 PM

The logs are clean. Try this.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#5 fantasygirl007

Posted 05 June 2012 - 01:42 PM

Here's the log for Combofix:

ComboFix 12-06-05.03 - Alice 06/05/2012 13:29:42.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3036.2326 [GMT -5:00]
Running from: c:\users\Alice\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alice\dds.scr
c:\users\Alice\Defogger.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 18:37 . 2012-06-05 18:37 -------- d-----w- c:\users\Alice\AppData\Local\temp
2012-06-05 18:37 . 2012-06-05 18:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-05 18:37 . 2012-06-05 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 21:54 . 2012-05-28 21:54 -------- d-----w- C:\found.000
2012-05-19 19:28 . 2012-05-19 19:28 -------- d-----w- c:\program files\iPod
2012-05-19 19:28 . 2012-05-19 19:30 -------- d-----w- c:\program files\iTunes
2012-05-19 17:32 . 2012-05-19 17:32 -------- d-----w- c:\program files\Apple Software Update
2012-05-19 17:28 . 2012-05-19 17:28 -------- d-----w- c:\program files\Bonjour
2012-05-19 16:55 . 2012-05-19 16:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-19 16:52 . 2012-05-19 17:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-18 06:32 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56603DB8-5EE9-47C0-8658-EB9495C4D7A1}\mpengine.dll
2012-05-15 19:50 . 2012-05-29 07:02 -------- d-----w- c:\users\Alice\AppData\Roaming\Smartsims
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 17:43 . 2011-09-21 12:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-05-16 05:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 14:11 . 2011-04-22 20:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 22:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IPEVO Control Center"="c:\program files\IPEVO\Control Center\IPEVO Control Center.exe" [2008-07-03 1363968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-01 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-02 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-03 237568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-26 3054136]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-07 274608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
.
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-29 752168]
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2009-7-26 12862]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2009-7-26 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ECACHE
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 17:43]
.
2012-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-55378245-1660095997-355431448-1000Core.job
- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-01 17:08]
.
2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-55378245-1660095997-355431448-1000UA.job
- c:\users\Alice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-01 17:08]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:00]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:00]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55378245-1660095997-355431448-1000Core.job
- c:\users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-18 17:16]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55378245-1660095997-355431448-1000UA.job
- c:\users\Alice\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-18 17:16]
.
2012-06-05 c:\windows\Tasks\User_Feed_Synchronization-{14E020BD-CE69-4570-AC2D-F7BEF811297B}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?rls=ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} - hxxps://trade.tsc.com.tw/ebroker/axekey.cab
FF - ProfilePath - c:\users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\1g497r6r.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 13:37
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1640)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
Completion time: 2012-06-05 13:39:59
ComboFix-quarantined-files.txt 2012-06-05 18:39
ComboFix2.txt 2012-05-31 22:59
ComboFix3.txt 2012-05-31 04:16
.
Pre-Run: 45,048,164,352 bytes free
Post-Run: 45,141,659,648 bytes free
.
- - End Of File - - C207F8537BF1794336C7D40CEE8FD169

#6 nasdaq

Posted 06 June 2012 - 08:35 AM

All your logs are clean.

What are the present difficulties with this computer?

#7 fantasygirl007

Posted 06 June 2012 - 12:05 PM

My computer is very slow, and I can use it for perhaps five minutes before every window or program I try to open will freeze and I'll have to manually restart my computer. I've been running the scans in Safe Mode because I can't get into normal mode without all my programs freezing up...is that a problem?

#8 nasdaq

Posted 06 June 2012 - 12:57 PM

Check your virtual memory.
http://windows.microsoft.com/en-us/windows-vista/Change-the-size-of-virtual-memory

What is the percentage presently set to?

#9 fantasygirl007

Posted 06 June 2012 - 02:12 PM

Virtual memory currently allocated: 3336
Recommended: 4554

#10 nasdaq

Posted 07 June 2012 - 06:12 AM

Increase it to the recommended size.

#11 fantasygirl007

Posted 07 June 2012 - 11:58 AM

Still doesn't work, computer still freezes after a few minutes (usually after Spysweeper starts up). I can use the Guest account on my computer and it works fine, but the icons in my account are always oddly rearranged when I sign in so I think it's a virus.

#12 nasdaq

Posted 07 June 2012 - 01:10 PM

I would remove Spysweeper with the Add/Remove Programs applet, restart the computer and with all programs closed I would reinstall it.

Keep in mind that your profile may be damaged. Creating a new one may solve your problem.

Keep me posted.

#13 nasdaq

Posted 13 June 2012 - 01:37 PM

Are you still with me?



