
Sirefef Infection, Files Quarantined But Unable to Delete


  • This topic is locked
24 replies to this topic

#1 Jemro

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:23 PM

Posted 04 June 2012 - 09:08 PM

Hello,

I appear to be infected with some form of Sirefef. It has infected files in the Windows assembly folder (e.g., desktop.ini). I've been through a lot trying to remove this thing on my own with a multitude of tools, but nothing seems to work. It first infected my system when I was using Windows Security Essentials. That program was then infected, so I uninstalled it and reinstalled it. WSE quarantined the virus but was unable to delete it, running in an endless loop of quarantines.

I then uninstalled MSE and tried the ESET online scanner--it found the virus but failed to remove it. After that I tried the Microsoft Safety Scanner. Again, it found the virus but failed to remove it. Now, I currently have a trial of Bitdefender installed. Despite its various tactics, it has been unable to remove the virus, resulting in a quarantine loop similar to the one with Microsoft Security Essentials.

The virus is characterized by redirecting the browser during Internet searching (it redirects to spam sites, etc.) and similar browser-related problems. The symptoms seem to abate when the files are quarantined, but reappear once the computer reboots and until whatever virus program finds and quarantines the files again.

Unfortunately, I was unable to post a DDS log. I believe that the virus may be stopping the log from generating, or something else on the computer is causing trouble. I saved DDS to the desktop and began the scan. It completed but did not generate text files with the logs.

Any help will be greatly appreciated, as the only thing left that I know how to do is reformat the drive, which would be quite troublesome!

#2 Jemro

  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:23 PM

Posted 04 June 2012 - 10:24 PM

I was able to ferret out the DDS logs. Since my desktop is saved on the D drive, I imagine that may have caused the issue with them being saved in the temporary folder on the D drive rather than the desktop. They are below.

Attach.txt

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2012 9:41:19 AM
System Uptime: 6/4/2012 10:14:52 PM (0 hours ago)
.
Motherboard: MSI | | P67A-G43 (MS-7673)
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 38.539 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 379.093 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76731462&REV_06\4&1AAEAA1B&0&00E6
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76731462&REV_06\4&1AAEAA1B&0&00E6
Service: RTL8167
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76731462&REV_05\3&11583659&0&FB
Service:
.
Class GUID:
Description: Internet Access Server
Device ID: UUID:5FCAD437-DD09-0301-7F89-508493BF5455\UMB\3&1EE1C53A&0&UUID:5FCAD437-DD09-0301-7F89-508493BF5455
Manufacturer:
Name: Internet Access Server
PNP Device ID: UUID:5FCAD437-DD09-0301-7F89-508493BF5455\UMB\3&1EE1C53A&0&UUID:5FCAD437-DD09-0301-7F89-508493BF5455
Service:
.
==== System Restore Points ===================
.
RP74: 6/3/2012 10:05:11 AM - Removed Java™ 6 Update 31
RP75: 6/3/2012 10:06:05 AM - Installed Java™ 7 Update 4
RP76: 6/3/2012 10:06:13 AM - Installed JavaFX 2.1.0
RP77: 6/3/2012 11:21:20 AM - Installed ESET NOD32 Antivirus
RP78: 6/3/2012 11:29:38 AM - Installed ESET NOD32 Antivirus
RP79: 6/3/2012 11:37:17 AM - Installed ESET NOD32 Antivirus
RP80: 6/3/2012 11:57:09 AM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP81: 6/3/2012 11:58:30 AM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP82: 6/3/2012 12:21:48 PM - Installed ESET NOD32 Antivirus
RP83: 6/3/2012 12:25:16 PM - Installed ESET NOD32 Antivirus
RP84: 6/3/2012 12:31:44 PM - Installed ESET NOD32 Antivirus
RP85: 6/4/2012 9:41:44 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Apple Application Support
Apple Software Update
ASUS nVidia Driver
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Empires Dawn of the Modern World
GameRanger
Google Chrome
HandBrake 0.9.5
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
JDownloader 0.9
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Renesas Electronics USB 3.0 Host Controller Driver
Rise of Nations
Ship Simulator Extremes
Star Wars: The Old Republic
Trillian
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VLC media player 1.1.11
Winamp
Winamp Detector Plug-in
Windows Resource Kit Tools - SubInAcl.exe
WinRAR 4.11 (32-bit)
WinSCP 4.3.6
XRECODE
.
==== Event Viewer Messages From Past Week ========
.
6/4/2012 9:21:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.1171.0).
6/4/2012 8:44:34 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
6/4/2012 10:15:12 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/4/2012 10:15:12 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/4/2012 10:15:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nmfmfx
6/4/2012 10:15:04 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/4/2012 10:15:04 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/4/2012 10:15:04 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/4/2012 10:15:03 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/4/2012 10:12:08 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
6/4/2012 10:10:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/4/2012 10:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/4/2012 10:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/4/2012 10:10:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/4/2012 10:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/4/2012 10:10:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/4/2012 10:10:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 BdfNdisf bdfsfltr bdfwfpf BDVEDISK CSC DfsC discache NetBIOS NetBT nmfmfx nsiproxy Psched rdbss spldr tdx trufos vwififlt Wanarpv6 WfpLwf ws2ifsl
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2012 10:10:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/3/2012 9:53:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/3/2012 9:49:48 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
6/3/2012 9:39:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter nmfmfx spldr Wanarpv6
6/3/2012 9:29:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nmfmfx nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/3/2012 12:33:24 PM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
6/3/2012 12:33:20 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/3/2012 11:53:06 AM, Error: Service Control Manager [7030] - The ESET Uninstaller Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/3/2012 11:52:28 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/3/2012 11:52:19 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache nmfmfx spldr Wanarpv6
6/3/2012 11:48:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nmfmfx nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
6/3/2012 11:42:17 AM, Error: Microsoft Antimalware [2001] -
6/3/2012 11:19:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/3/2012 11:19:11 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2012 11:19:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/3/2012 11:18:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/3/2012 11:18:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/3/2012 11:18:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/3/2012 10:59:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/3/2012 10:09:51 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:09:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
6/3/2012 10:09:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
6/3/2012 10:08:49 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
6/3/2012 10:08:00 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:08:00 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:07:59 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
6/3/2012 10:06:49 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2012 10:06:49 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2012 7:14:14 PM, Error: Application Popup [1060] - \??\D:\Downloads\CCE\ccekrnl.dat has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Joseph *REMOVED* at 22:28:35 on 2012-06-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8163.6861 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files (x86)\Adobe\Acrobat\Acrobat\acrotray.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Joseph *REMOVED*\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrotray.exe"
mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D58EE1BD-AD13-46F5-8C18-0214A6B9E1DB} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FAFA7B4E-030A-45E8-B97E-11F87FA26C5B} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrotray.exe"
mRun-x64: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-9 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-20 378472]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-1-9 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-03 18:04:51 255970 ----a-w- C:\ProgramData\1338745879.bdinstall.bin
2012-06-03 17:56:26 -------- d-----w- C:\ProgramData\BDLogging
2012-06-03 17:56:21 -------- d-----w- C:\Users\Joseph *REMOVED*\AppData\Roaming\Bitdefender
2012-06-03 17:56:19 -------- d-----w- C:\ProgramData\Bitdefender
2012-06-03 17:52:26 -------- d-----w- C:\Users\Joseph *REMOVED*\AppData\Roaming\QuickScan
2012-06-03 17:51:51 -------- d-----w- C:\Program Files\Bitdefender
2012-06-03 17:51:32 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-06-03 17:51:32 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-06-03 17:50:46 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-06-03 17:50:46 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-06-03 17:44:20 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-06-03 17:22:59 -------- d-----w- C:\Program Files\ESET
2012-06-03 16:58:35 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-06-03 15:06:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-03 15:06:13 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-01 02:08:30 -------- d-----w- C:\CCE_Quarantine
2012-05-31 23:56:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-28 23:07:30 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2012-05-28 18:52:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-28 01:28:54 -------- d-----w- C:\Users\Joseph *REMOVED*\AppData\Roaming\GameRanger
2012-05-28 00:24:28 -------- d-----w- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft Games
2012-05-14 12:35:34 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-14 12:35:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-14 12:35:33 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-14 12:35:33 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-14 12:35:33 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-14 12:35:33 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-14 12:35:03 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-14 12:34:43 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-14 12:34:42 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 12:34:42 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-14 12:34:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-14 12:34:42 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-14 12:34:42 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M ====================
.
2012-05-05 01:58:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 01:58:22 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 01:58:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 23:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-21 01:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
.
============= FINISH: 22:28:52.82 ===============

Edited by Jemro, 04 June 2012 - 10:32 PM.


#3 SweetTech

Posted 06 June 2012 - 08:02 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 Jemro (Topic Starter)

Posted 06 June 2012 - 09:02 AM

Thank you for your reply, ST. I backed up all of my data to a removable hard drive yesterday because I feared that I might have to reformat the drive in order to solve this problem. However, let's try some of your steps before doing that.

1) TDSSKiller


08:43:43.0558 1828 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:43:43.0916 1828 ============================================================
08:43:43.0916 1828 Current date / time: 2012/06/06 08:43:43.0916
08:43:43.0916 1828 SystemInfo:
08:43:43.0916 1828
08:43:43.0916 1828 OS Version: 6.1.7601 ServicePack: 1.0
08:43:43.0916 1828 Product type: Workstation
08:43:43.0916 1828 ComputerName: JOSEPH-PC
08:43:43.0916 1828 UserName: Joseph *REMOVED*
08:43:43.0916 1828 Windows directory: C:\Windows
08:43:43.0916 1828 System windows directory: C:\Windows
08:43:43.0916 1828 Running under WOW64
08:43:43.0916 1828 Processor architecture: Intel x64
08:43:43.0916 1828 Number of processors: 4
08:43:43.0916 1828 Page size: 0x1000
08:43:43.0916 1828 Boot type: Normal boot
08:43:43.0916 1828 ============================================================
08:43:44.0260 1828 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:43:44.0260 1828 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:43:44.0291 1828 Drive \Device\Harddisk2\DR3 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:43:44.0291 1828 ============================================================
08:43:44.0291 1828 \Device\Harddisk0\DR0:
08:43:44.0291 1828 MBR partitions:
08:43:44.0291 1828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:43:44.0291 1828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
08:43:44.0291 1828 \Device\Harddisk1\DR1:
08:43:44.0291 1828 MBR partitions:
08:43:44.0291 1828 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
08:43:44.0291 1828 \Device\Harddisk2\DR3:
08:43:44.0291 1828 MBR partitions:
08:43:44.0291 1828 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x2, BlocksNum 0x1D1C596E
08:43:44.0291 1828 ============================================================
08:43:44.0291 1828 C: <-> \Device\Harddisk0\DR0\Partition1
08:43:44.0291 1828 D: <-> \Device\Harddisk1\DR1\Partition0
08:43:44.0306 1828 F: <-> \Device\Harddisk2\DR3\Partition0
08:43:44.0306 1828 ============================================================
08:43:44.0306 1828 Initialize success
08:43:44.0306 1828 ============================================================
08:43:57.0054 0704 ============================================================
08:43:57.0054 0704 Scan started
08:43:57.0054 0704 Mode: Manual; SigCheck; TDLFS;
08:43:57.0054 0704 ============================================================
08:43:57.0522 0704 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:43:57.0553 0704 1394ohci - ok
08:43:57.0569 0704 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:43:57.0584 0704 ACPI - ok
08:43:57.0584 0704 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:43:57.0600 0704 AcpiPmi - ok
08:43:57.0631 0704 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:43:57.0647 0704 AdobeFlashPlayerUpdateSvc - ok
08:43:57.0662 0704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:43:57.0678 0704 adp94xx - ok
08:43:57.0678 0704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:43:57.0693 0704 adpahci - ok
08:43:57.0709 0704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:43:57.0709 0704 adpu320 - ok
08:43:57.0725 0704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:43:57.0740 0704 AeLookupSvc - ok
08:43:57.0771 0704 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:43:57.0787 0704 AFD - ok
08:43:57.0787 0704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:43:57.0803 0704 agp440 - ok
08:43:57.0803 0704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:43:57.0818 0704 ALG - ok
08:43:57.0818 0704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:43:57.0818 0704 aliide - ok
08:43:57.0818 0704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:43:57.0834 0704 amdide - ok
08:43:57.0834 0704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:43:57.0849 0704 AmdK8 - ok
08:43:57.0865 0704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:43:57.0865 0704 AmdPPM - ok
08:43:57.0881 0704 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:43:57.0881 0704 amdsata - ok
08:43:57.0896 0704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:43:57.0896 0704 amdsbs - ok
08:43:57.0912 0704 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:43:57.0912 0704 amdxata - ok
08:43:57.0912 0704 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:43:57.0943 0704 AppID - ok
08:43:57.0943 0704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:43:57.0974 0704 AppIDSvc - ok
08:43:57.0974 0704 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:43:58.0005 0704 Appinfo - ok
08:43:58.0005 0704 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:43:58.0021 0704 Apple Mobile Device - ok
08:43:58.0021 0704 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:43:58.0037 0704 AppMgmt - ok
08:43:58.0037 0704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:43:58.0052 0704 arc - ok
08:43:58.0052 0704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:43:58.0068 0704 arcsas - ok
08:43:58.0068 0704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:43:58.0083 0704 AsyncMac - ok
08:43:58.0083 0704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:43:58.0099 0704 atapi - ok
08:43:58.0115 0704 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:43:58.0146 0704 AudioEndpointBuilder - ok
08:43:58.0146 0704 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:43:58.0177 0704 AudioSrv - ok
08:43:58.0177 0704 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:43:58.0193 0704 AxInstSV - ok
08:43:58.0208 0704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:43:58.0224 0704 b06bdrv - ok
08:43:58.0239 0704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:43:58.0255 0704 b57nd60a - ok
08:43:58.0271 0704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:43:58.0286 0704 BDESVC - ok
08:43:58.0286 0704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:43:58.0333 0704 Beep - ok
08:43:58.0349 0704 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:43:58.0380 0704 BITS - ok
08:43:58.0380 0704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:43:58.0395 0704 blbdrive - ok
08:43:58.0411 0704 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:43:58.0427 0704 bowser - ok
08:43:58.0427 0704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:43:58.0442 0704 BrFiltLo - ok
08:43:58.0442 0704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:43:58.0442 0704 BrFiltUp - ok
08:43:58.0458 0704 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:43:58.0489 0704 BridgeMP - ok
08:43:58.0505 0704 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:43:58.0520 0704 Browser - ok
08:43:58.0520 0704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:43:58.0536 0704 Brserid - ok
08:43:58.0551 0704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:43:58.0567 0704 BrSerWdm - ok
08:43:58.0567 0704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:43:58.0583 0704 BrUsbMdm - ok
08:43:58.0583 0704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:43:58.0598 0704 BrUsbSer - ok
08:43:58.0598 0704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:43:58.0614 0704 BTHMODEM - ok
08:43:58.0629 0704 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:43:58.0645 0704 bthserv - ok
08:43:58.0661 0704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:43:58.0692 0704 cdfs - ok
08:43:58.0692 0704 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:43:58.0707 0704 cdrom - ok
08:43:58.0723 0704 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:43:58.0739 0704 CertPropSvc - ok
08:43:58.0754 0704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:43:58.0770 0704 circlass - ok
08:43:58.0785 0704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:43:58.0785 0704 CLFS - ok
08:43:58.0801 0704 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:43:58.0817 0704 clr_optimization_v2.0.50727_32 - ok
08:43:58.0817 0704 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:43:58.0832 0704 clr_optimization_v2.0.50727_64 - ok
08:43:58.0832 0704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:43:58.0848 0704 CmBatt - ok
08:43:58.0848 0704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:43:58.0848 0704 cmdide - ok
08:43:58.0863 0704 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:43:58.0895 0704 CNG - ok
08:43:58.0895 0704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:43:58.0895 0704 Compbatt - ok
08:43:58.0910 0704 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:43:58.0910 0704 CompositeBus - ok
08:43:58.0926 0704 COMSysApp - ok
08:43:58.0926 0704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:43:58.0926 0704 crcdisk - ok
08:43:58.0941 0704 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:43:58.0957 0704 CryptSvc - ok
08:43:58.0973 0704 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:43:59.0004 0704 CSC - ok
08:43:59.0019 0704 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:43:59.0035 0704 CscService - ok
08:43:59.0051 0704 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
08:43:59.0066 0704 dc3d - ok
08:43:59.0066 0704 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:43:59.0097 0704 DcomLaunch - ok
08:43:59.0113 0704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:43:59.0144 0704 defragsvc - ok
08:43:59.0160 0704 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:43:59.0191 0704 DfsC - ok
08:43:59.0191 0704 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:43:59.0238 0704 Dhcp - ok
08:43:59.0238 0704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:43:59.0253 0704 discache - ok
08:43:59.0269 0704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:43:59.0269 0704 Disk - ok
08:43:59.0285 0704 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
08:43:59.0300 0704 dmvsc - ok
08:43:59.0300 0704 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:43:59.0331 0704 Dnscache - ok
08:43:59.0347 0704 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:43:59.0378 0704 dot3svc - ok
08:43:59.0394 0704 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:43:59.0409 0704 DPS - ok
08:43:59.0409 0704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:43:59.0425 0704 drmkaud - ok
08:43:59.0441 0704 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:43:59.0441 0704 dtsoftbus01 - ok
08:43:59.0472 0704 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:43:59.0487 0704 DXGKrnl - ok
08:43:59.0503 0704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:43:59.0534 0704 EapHost - ok
08:43:59.0597 0704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:43:59.0659 0704 ebdrv - ok
08:43:59.0690 0704 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:43:59.0706 0704 EFS - ok
08:43:59.0721 0704 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:43:59.0753 0704 ehRecvr - ok
08:43:59.0768 0704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:43:59.0799 0704 ehSched - ok
08:43:59.0815 0704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:44:08.0723 0704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:44:08.0738 0704 usbprint - ok
08:44:08.0738 0704 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:44:08.0754 0704 USBSTOR - ok
08:44:08.0754 0704 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:44:08.0770 0704 usbuhci - ok
08:44:08.0770 0704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:44:08.0801 0704 UxSms - ok
08:44:08.0801 0704 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:44:08.0816 0704 VaultSvc - ok
08:44:08.0816 0704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:44:08.0832 0704 vdrvroot - ok
08:44:08.0848 0704 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:44:08.0879 0704 vds - ok
08:44:08.0879 0704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:44:08.0894 0704 vga - ok
08:44:08.0894 0704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:44:08.0926 0704 VgaSave - ok
08:44:08.0941 0704 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:44:08.0941 0704 vhdmp - ok
08:44:08.0957 0704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:44:08.0957 0704 viaide - ok
08:44:08.0972 0704 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:44:08.0972 0704 vmbus - ok
08:44:08.0972 0704 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:44:08.0988 0704 VMBusHID - ok
08:44:09.0004 0704 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:44:09.0004 0704 volmgr - ok
08:44:09.0019 0704 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:44:09.0035 0704 volmgrx - ok
08:44:09.0050 0704 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:44:09.0050 0704 volsnap - ok
08:44:09.0066 0704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:44:09.0082 0704 vsmraid - ok
08:44:09.0113 0704 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:44:09.0175 0704 VSS - ok
08:44:09.0206 0704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:44:09.0222 0704 vwifibus - ok
08:44:09.0238 0704 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:44:09.0253 0704 vwififlt - ok
08:44:09.0269 0704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:44:09.0300 0704 W32Time - ok
08:44:09.0316 0704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:44:09.0316 0704 WacomPen - ok
08:44:09.0331 0704 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:09.0362 0704 WANARP - ok
08:44:09.0362 0704 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:09.0378 0704 Wanarpv6 - ok
08:44:09.0409 0704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:44:09.0425 0704 WatAdminSvc - ok
08:44:09.0472 0704 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:44:09.0518 0704 wbengine - ok
08:44:09.0565 0704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:44:09.0596 0704 WbioSrvc - ok
08:44:09.0612 0704 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:44:09.0643 0704 wcncsvc - ok
08:44:09.0643 0704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:44:09.0659 0704 WcsPlugInService - ok
08:44:09.0659 0704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:44:09.0674 0704 Wd - ok
08:44:09.0690 0704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:44:09.0706 0704 Wdf01000 - ok
08:44:09.0706 0704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:09.0721 0704 WdiServiceHost - ok
08:44:09.0721 0704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:09.0737 0704 WdiSystemHost - ok
08:44:09.0752 0704 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:44:09.0768 0704 WebClient - ok
08:44:09.0784 0704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:44:09.0815 0704 Wecsvc - ok
08:44:09.0830 0704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:44:09.0862 0704 wercplsupport - ok
08:44:09.0877 0704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:44:09.0893 0704 WerSvc - ok
08:44:09.0893 0704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:44:09.0924 0704 WfpLwf - ok
08:44:09.0924 0704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:44:09.0940 0704 WIMMount - ok
08:44:09.0940 0704 WinDefend - ok
08:44:09.0940 0704 WinHttpAutoProxySvc - ok
08:44:09.0955 0704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:44:09.0986 0704 Winmgmt - ok
08:44:10.0033 0704 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:44:10.0096 0704 WinRM - ok
08:44:10.0142 0704 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:44:10.0158 0704 WinUsb - ok
08:44:10.0174 0704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:44:10.0205 0704 Wlansvc - ok
08:44:10.0205 0704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:44:10.0205 0704 WmiAcpi - ok
08:44:10.0220 0704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:44:10.0252 0704 wmiApSrv - ok
08:44:10.0252 0704 WMPNetworkSvc - ok
08:44:10.0252 0704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:44:10.0267 0704 WPCSvc - ok
08:44:10.0283 0704 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:44:10.0283 0704 WPDBusEnum - ok
08:44:10.0283 0704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:44:10.0314 0704 ws2ifsl - ok
08:44:10.0314 0704 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:44:10.0330 0704 wscsvc - ok
08:44:10.0330 0704 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:44:10.0345 0704 WSDPrintDevice - ok
08:44:10.0345 0704 WSearch - ok
08:44:10.0392 0704 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:44:10.0439 0704 wuauserv - ok
08:44:10.0486 0704 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:44:10.0517 0704 WudfPf - ok
08:44:10.0532 0704 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:44:10.0564 0704 WUDFRd - ok
08:44:10.0579 0704 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:44:10.0610 0704 wudfsvc - ok
08:44:10.0610 0704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:44:10.0642 0704 WwanSvc - ok
08:44:10.0642 0704 wytqoddj (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\wytqoddj.sys
08:44:10.0657 0704 wytqoddj - ok
08:44:10.0657 0704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:44:10.0720 0704 \Device\Harddisk0\DR0 - ok
08:44:10.0720 0704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
08:44:10.0798 0704 \Device\Harddisk1\DR1 - ok
08:44:10.0813 0704 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR3
08:44:10.0907 0704 \Device\Harddisk2\DR3 - ok
08:44:10.0907 0704 Boot (0x1200) (856cd7687379e0802abed97959266f5e) \Device\Harddisk0\DR0\Partition0
08:44:10.0907 0704 \Device\Harddisk0\DR0\Partition0 - ok
08:44:10.0922 0704 Boot (0x1200) (d23e9890440fc279b9aa18be4e3d6743) \Device\Harddisk0\DR0\Partition1
08:44:10.0922 0704 \Device\Harddisk0\DR0\Partition1 - ok
08:44:10.0954 0704 Boot (0x1200) (a02206c9d50e4d49f02776dbc3570051) \Device\Harddisk1\DR1\Partition0
08:44:10.0954 0704 \Device\Harddisk1\DR1\Partition0 - ok
08:44:10.0954 0704 Boot (0x1200) (a80bbdd4cc545ae92942aca12017bf42) \Device\Harddisk2\DR3\Partition0
08:44:10.0954 0704 \Device\Harddisk2\DR3\Partition0 - ok
08:44:10.0954 0704 ============================================================
08:44:10.0954 0704 Scan finished
08:44:10.0954 0704 ============================================================
08:44:10.0969 1876 Detected object count: 1
08:44:10.0969 1876 Actual detected object count: 1
08:45:13.0069 1876 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:45:13.0069 1876 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:45:56.0402 3736 ============================================================
08:45:56.0402 3736 Scan started
08:45:56.0402 3736 Mode: Manual; SigCheck; TDLFS;
08:45:56.0402 3736 ============================================================
08:45:56.0480 3736 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:45:56.0496 3736 1394ohci - ok
08:45:56.0511 3736 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:45:56.0511 3736 ACPI - ok
08:45:56.0511 3736 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:45:56.0527 3736 AcpiPmi - ok
08:45:56.0558 3736 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:45:56.0558 3736 AdobeFlashPlayerUpdateSvc - ok
08:45:56.0574 3736 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:45:56.0589 3736 adp94xx - ok
08:45:56.0589 3736 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:45:56.0605 3736 adpahci - ok
08:45:56.0605 3736 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:45:56.0620 3736 adpu320 - ok
08:45:56.0636 3736 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:45:56.0652 3736 AeLookupSvc - ok
08:45:56.0667 3736 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:45:56.0683 3736 AFD - ok
08:45:56.0683 3736 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:45:56.0683 3736 agp440 - ok
08:45:56.0698 3736 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:45:56.0714 3736 ALG - ok
08:45:56.0714 3736 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:45:56.0714 3736 aliide - ok
08:45:56.0714 3736 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:45:56.0714 3736 amdide - ok
08:45:56.0730 3736 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:45:56.0730 3736 AmdK8 - ok
08:45:56.0745 3736 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:45:56.0745 3736 AmdPPM - ok
08:45:56.0761 3736 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:45:56.0761 3736 amdsata - ok
08:45:56.0761 3736 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:45:56.0776 3736 amdsbs - ok
08:45:56.0776 3736 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:45:56.0776 3736 amdxata - ok
08:45:56.0792 3736 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:45:56.0808 3736 AppID - ok
08:45:56.0808 3736 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:45:56.0823 3736 AppIDSvc - ok
08:45:56.0839 3736 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:45:56.0854 3736 Appinfo - ok
08:45:56.0870 3736 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:45:56.0870 3736 Apple Mobile Device - ok
08:45:56.0886 3736 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:45:56.0886 3736 AppMgmt - ok
08:45:56.0901 3736 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:45:56.0901 3736 arc - ok
08:45:56.0917 3736 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:45:56.0917 3736 arcsas - ok
08:45:56.0932 3736 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:45:56.0948 3736 AsyncMac - ok
08:45:56.0948 3736 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:45:56.0948 3736 atapi - ok
08:45:56.0979 3736 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:45:56.0995 3736 AudioEndpointBuilder - ok
08:45:56.0995 3736 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:45:57.0026 3736 AudioSrv - ok
08:45:57.0026 3736 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:45:57.0042 3736 AxInstSV - ok
08:45:57.0057 3736 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:45:57.0057 3736 b06bdrv - ok
08:45:57.0073 3736 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:45:57.0073 3736 b57nd60a - ok
08:45:57.0088 3736 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:45:57.0104 3736 BDESVC - ok
08:45:57.0104 3736 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:45:57.0120 3736 Beep - ok
08:45:57.0135 3736 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:45:57.0166 3736 BITS - ok
08:45:57.0166 3736 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:45:57.0166 3736 blbdrive - ok
08:45:57.0182 3736 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:45:57.0182 3736 bowser - ok
08:45:57.0182 3736 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:45:57.0198 3736 BrFiltLo - ok
08:45:57.0198 3736 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:45:57.0213 3736 BrFiltUp - ok
08:45:57.0213 3736 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:45:57.0244 3736 BridgeMP - ok
08:45:57.0244 3736 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:45:57.0276 3736 Browser - ok
08:45:57.0276 3736 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:45:57.0291 3736 Brserid - ok
08:45:57.0291 3736 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:45:57.0291 3736 BrSerWdm - ok
08:45:57.0291 3736 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:45:57.0307 3736 BrUsbMdm - ok
08:45:57.0307 3736 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:45:57.0307 3736 BrUsbSer - ok
08:45:57.0322 3736 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:45:57.0338 3736 BTHMODEM - ok
08:45:57.0338 3736 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:45:57.0369 3736 bthserv - ok
08:45:57.0369 3736 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:45:57.0385 3736 cdfs - ok
08:45:57.0400 3736 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:45:57.0400 3736 cdrom - ok
08:45:57.0416 3736 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:45:57.0432 3736 CertPropSvc - ok
08:45:57.0447 3736 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:45:57.0447 3736 circlass - ok
08:45:57.0463 3736 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:45:57.0463 3736 CLFS - ok
08:45:57.0478 3736 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:45:57.0494 3736 clr_optimization_v2.0.50727_32 - ok
08:45:57.0494 3736 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:45:57.0494 3736 clr_optimization_v2.0.50727_64 - ok
08:45:57.0510 3736 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:45:57.0510 3736 CmBatt - ok
08:45:57.0510 3736 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:45:57.0525 3736 cmdide - ok
08:45:57.0525 3736 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:45:57.0541 3736 CNG - ok
08:45:57.0541 3736 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:45:57.0556 3736 Compbatt - ok
08:45:57.0556 3736 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:45:57.0572 3736 CompositeBus - ok
08:45:57.0572 3736 COMSysApp - ok
08:45:57.0572 3736 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:45:57.0572 3736 crcdisk - ok
08:45:57.0588 3736 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:45:57.0603 3736 CryptSvc - ok
08:45:57.0619 3736 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:45:57.0634 3736 CSC - ok
08:45:57.0650 3736 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:45:57.0666 3736 CscService - ok
08:45:57.0666 3736 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
08:45:57.0666 3736 dc3d - ok
08:45:57.0681 3736 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:45:57.0712 3736 DcomLaunch - ok
08:45:57.0712 3736 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:45:57.0744 3736 defragsvc - ok
08:45:57.0744 3736 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:45:57.0759 3736 DfsC - ok
08:45:57.0775 3736 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:45:57.0806 3736 Dhcp - ok
08:45:57.0806 3736 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:45:57.0822 3736 discache - ok
08:45:57.0837 3736 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:45:57.0837 3736 Disk - ok
08:45:57.0853 3736 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
08:45:57.0853 3736 dmvsc - ok
08:45:57.0868 3736 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:45:57.0868 3736 Dnscache - ok
08:45:57.0884 3736 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:45:57.0900 3736 dot3svc - ok
08:45:57.0915 3736 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:45:57.0931 3736 DPS - ok
08:45:57.0931 3736 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:45:57.0946 3736 drmkaud - ok
08:45:57.0962 3736 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:45:57.0962 3736 dtsoftbus01 - ok
08:45:57.0978 3736 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:45:57.0993 3736 DXGKrnl - ok
08:45:58.0009 3736 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:45:58.0024 3736 EapHost - ok
08:45:58.0102 3736 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:45:58.0118 3736 ebdrv - ok
08:45:58.0165 3736 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:45:58.0165 3736 EFS - ok
08:45:58.0180 3736 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:45:58.0196 3736 ehRecvr - ok
08:45:58.0212 3736 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:45:58.0212 3736 ehSched - ok
08:45:58.0243 3736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:45:58.0243 3736 elxstor - ok
08:45:58.0243 3736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:45:58.0258 3736 ErrDev - ok
08:45:58.0274 3736 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:45:58.0290 3736 EventSystem - ok
08:45:58.0305 3736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:45:58.0321 3736 exfat - ok
08:45:58.0321 3736 exittbqx (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\exittbqx.sys
08:45:58.0336 3736 exittbqx - ok
08:45:58.0336 3736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:45:58.0368 3736 fastfat - ok
08:45:58.0383 3736 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:45:58.0383 3736 Fax - ok
08:45:58.0399 3736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:45:58.0399 3736 fdc - ok
08:45:58.0399 3736 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:45:58.0414 3736 fdPHost - ok
08:45:58.0430 3736 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:45:58.0446 3736 FDResPub - ok
08:45:58.0461 3736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:45:58.0461 3736 FileInfo - ok
08:45:58.0461 3736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:45:58.0492 3736 Filetrace - ok
08:45:58.0492 3736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:45:58.0492 3736 flpydisk - ok
08:45:58.0508 3736 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:45:58.0524 3736 FltMgr - ok
08:45:58.0539 3736 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:45:58.0555 3736 FontCache - ok
08:45:58.0555 3736 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:45:58.0570 3736 FontCache3.0.0.0 - ok
08:45:58.0570 3736 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:45:58.0586 3736 FsDepends - ok
08:45:58.0586 3736 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:45:58.0586 3736 Fs_Rec - ok
08:45:58.0602 3736 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:45:58.0602 3736 fvevol - ok
08:45:58.0617 3736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:45:58.0617 3736 gagp30kx - ok
08:45:58.0617 3736 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:45:58.0633 3736 GEARAspiWDM - ok
08:45:58.0648 3736 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:45:58.0664 3736 gpsvc - ok
08:45:58.0680 3736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:45:58.0680 3736 hcw85cir - ok
08:45:58.0695 3736 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:45:58.0711 3736 HdAudAddService - ok
08:45:58.0711 3736 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:45:58.0726 3736 HDAudBus - ok
08:45:58.0726 3736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:45:58.0726 3736 HidBatt - ok
08:45:58.0742 3736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:45:58.0758 3736 HidBth - ok
08:45:58.0758 3736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:45:58.0773 3736 HidIr - ok
08:45:58.0773 3736 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:45:58.0789 3736 hidserv - ok
08:45:58.0804 3736 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:45:58.0804 3736 HidUsb - ok
08:45:58.0820 3736 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:45:58.0836 3736 hkmsvc - ok
08:45:58.0836 3736 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:45:58.0851 3736 HomeGroupListener - ok
08:45:58.0867 3736 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:45:58.0867 3736 HomeGroupProvider - ok
08:45:58.0882 3736 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:45:58.0882 3736 HpSAMD - ok
08:45:58.0882 3736 HPSIService (f7bc8c61850e51fada9087b6d3155023) C:\Windows\system32\HPSIsvc.exe
08:45:58.0898 3736 HPSIService - ok
08:45:58.0914 3736 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:45:58.0929 3736 HTTP - ok
08:45:58.0929 3736 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:45:58.0945 3736 hwpolicy - ok
08:45:58.0960 3736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:45:58.0960 3736 i8042prt - ok
08:45:58.0976 3736 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:45:58.0976 3736 iaStorV - ok
08:45:58.0992 3736 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:45:58.0992 3736 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:45:58.0992 3736 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:45:59.0007 3736 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:45:59.0023 3736 idsvc - ok
08:45:59.0070 3736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:45:59.0070 3736 iirsp - ok
08:45:59.0101 3736 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:45:59.0116 3736 IKEEXT - ok
08:45:59.0179 3736 IntcAzAudAddService (177b4e48c7a288e70779b42ab81d2d06) C:\Windows\system32\drivers\RTKVHD64.sys
08:45:59.0210 3736 IntcAzAudAddService - ok
08:45:59.0241 3736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:45:59.0257 3736 intelide - ok
08:45:59.0257 3736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:45:59.0272 3736 intelppm - ok
08:45:59.0272 3736 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:45:59.0288 3736 IPBusEnum - ok
08:45:59.0304 3736 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:45:59.0319 3736 IpFilterDriver - ok
08:45:59.0335 3736 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:45:59.0366 3736 iphlpsvc - ok
08:45:59.0366 3736 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:45:59.0382 3736 IPMIDRV - ok
08:45:59.0382 3736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:45:59.0413 3736 IPNAT - ok
08:45:59.0428 3736 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:45:59.0444 3736 iPod Service - ok
08:45:59.0444 3736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:45:59.0444 3736 IRENUM - ok
08:45:59.0460 3736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:45:59.0460 3736 isapnp - ok
08:45:59.0475 3736 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:45:59.0475 3736 iScsiPrt - ok
08:45:59.0491 3736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:45:59.0491 3736 kbdclass - ok
08:45:59.0491 3736 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:45:59.0506 3736 kbdhid - ok
08:45:59.0506 3736 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:45:59.0506 3736 KeyIso - ok
08:45:59.0506 3736 KMService - ok
08:45:59.0522 3736 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:45:59.0522 3736 KSecDD - ok
08:45:59.0538 3736 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:45:59.0538 3736 KSecPkg - ok
08:45:59.0538 3736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:45:59.0569 3736 ksthunk - ok
08:45:59.0569 3736 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:45:59.0600 3736 KtmRm - ok
08:45:59.0600 3736 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:45:59.0631 3736 LanmanServer - ok
08:45:59.0631 3736 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:45:59.0647 3736 LanmanWorkstation - ok
08:45:59.0662 3736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:45:59.0678 3736 lltdio - ok
08:45:59.0694 3736 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:45:59.0709 3736 lltdsvc - ok
08:45:59.0709 3736 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:45:59.0740 3736 lmhosts - ok
08:45:59.0740 3736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:45:59.0756 3736 LSI_FC - ok
08:45:59.0756 3736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:45:59.0772 3736 LSI_SAS - ok
08:45:59.0772 3736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:45:59.0787 3736 LSI_SAS2 - ok
08:45:59.0787 3736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:45:59.0803 3736 LSI_SCSI - ok
08:45:59.0803 3736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:45:59.0834 3736 luafv - ok
08:45:59.0834 3736 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
08:45:59.0834 3736 MBfilt - ok
08:45:59.0850 3736 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:45:59.0850 3736 Mcx2Svc - ok
08:45:59.0850 3736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:45:59.0865 3736 megasas - ok
08:45:59.0881 3736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:45:59.0881 3736 MegaSR - ok
08:45:59.0896 3736 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
08:45:59.0896 3736 MEIx64 - ok
08:45:59.0896 3736 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:45:59.0928 3736 MMCSS - ok
08:45:59.0928 3736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:45:59.0943 3736 Modem - ok
08:45:59.0959 3736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:45:59.0959 3736 monitor - ok
08:45:59.0959 3736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:45:59.0974 3736 mouclass - ok
08:45:59.0974 3736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:45:59.0974 3736 mouhid - ok
08:45:59.0990 3736 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:45:59.0990 3736 mountmgr - ok
08:46:00.0006 3736 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
08:46:00.0006 3736 MpFilter - ok
08:46:00.0021 3736 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:46:00.0021 3736 mpio - ok
08:46:00.0037 3736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:46:00.0052 3736 mpsdrv - ok
08:46:00.0068 3736 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:46:00.0084 3736 MRxDAV - ok
08:46:00.0084 3736 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:46:00.0099 3736 mrxsmb - ok
08:46:00.0115 3736 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:46:00.0115 3736 mrxsmb10 - ok
08:46:00.0130 3736 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:46:00.0130 3736 mrxsmb20 - ok
08:46:00.0130 3736 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:46:00.0146 3736 msahci - ok
08:46:00.0146 3736 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:46:00.0162 3736 msdsm - ok
08:46:00.0177 3736 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:46:00.0177 3736 MSDTC - ok
08:46:00.0177 3736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:46:00.0208 3736 Msfs - ok
08:46:00.0208 3736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:46:00.0224 3736 mshidkmdf - ok
08:46:00.0224 3736 MSICDSetup - ok
08:46:00.0224 3736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:46:00.0240 3736 msisadrv - ok
08:46:00.0240 3736 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:46:00.0271 3736 MSiSCSI - ok
08:46:00.0271 3736 msiserver - ok
08:46:00.0271 3736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:46:00.0286 3736 MSKSSRV - ok
08:46:00.0286 3736 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:46:00.0302 3736 MsMpSvc - ok
08:46:00.0302 3736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:46:00.0318 3736 MSPCLOCK - ok
08:46:00.0318 3736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:46:00.0333 3736 MSPQM - ok
08:46:00.0349 3736 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:46:00.0364 3736 MsRPC - ok
08:46:00.0364 3736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:46:00.0364 3736 mssmbios - ok
08:46:00.0380 3736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:46:00.0396 3736 MSTEE - ok
08:46:00.0396 3736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:46:00.0396 3736 MTConfig - ok
08:46:00.0411 3736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:46:00.0411 3736 Mup - ok
08:46:00.0411 3736 mvusbews (f1b096bf8c2a7a5a1e42dc5a13e35952) C:\Windows\system32\Drivers\mvusbews.sys
08:46:00.0427 3736 mvusbews - ok
08:46:00.0442 3736 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:46:00.0458 3736 napagent - ok
08:46:00.0474 3736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:46:00.0489 3736 NativeWifiP - ok
08:46:00.0505 3736 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:46:00.0520 3736 NDIS - ok
08:46:00.0520 3736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:46:00.0536 3736 NdisCap - ok
08:46:00.0552 3736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:46:00.0598 3736 NdisTapi - ok
08:46:00.0598 3736 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:46:00.0614 3736 Ndisuio - ok
08:46:00.0630 3736 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:46:00.0645 3736 NdisWan - ok
08:46:00.0661 3736 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:46:00.0676 3736 NDProxy - ok
08:46:00.0676 3736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:46:00.0708 3736 NetBIOS - ok
08:46:00.0708 3736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:46:00.0739 3736 NetBT - ok
08:46:00.0739 3736 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:46:00.0739 3736 Netlogon - ok
08:46:00.0754 3736 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:46:00.0786 3736 Netman - ok
08:46:00.0801 3736 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:46:00.0817 3736 netprofm - ok
08:46:00.0832 3736 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:46:00.0832 3736 NetTcpPortSharing - ok
08:46:00.0848 3736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:46:00.0848 3736 nfrd960 - ok
08:46:00.0848 3736 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:46:00.0864 3736 NisDrv - ok
08:46:00.0864 3736 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
08:46:00.0879 3736 NisSrv - ok
08:46:00.0895 3736 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:46:00.0910 3736 NlaSvc - ok
08:46:00.0910 3736 nmfmfx - ok
08:46:00.0910 3736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:46:00.0942 3736 Npfs - ok
08:46:00.0942 3736 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:46:00.0957 3736 nsi - ok
08:46:00.0957 3736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:46:00.0988 3736 nsiproxy - ok
08:46:01.0020 3736 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:46:01.0035 3736 Ntfs - ok
08:46:01.0082 3736 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
08:46:01.0082 3736 NuidFltr - ok
08:46:01.0082 3736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:46:01.0098 3736 Null - ok
08:46:01.0113 3736 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
08:46:01.0113 3736 nusb3hub - ok
08:46:01.0129 3736 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:46:01.0129 3736 nusb3xhc - ok
08:46:01.0144 3736 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
08:46:01.0144 3736 NVHDA - ok
08:46:01.0394 3736 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:46:01.0519 3736 nvlddmkm - ok
08:46:01.0566 3736 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:46:01.0581 3736 nvraid - ok
08:46:01.0581 3736 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:46:01.0597 3736 nvstor - ok
08:46:01.0612 3736 NVSvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
08:46:01.0628 3736 NVSvc - ok
08:46:01.0675 3736 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:46:01.0706 3736 nvUpdatusService - ok
08:46:01.0753 3736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:46:01.0768 3736 nv_agp - ok
08:46:01.0768 3736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:46:01.0784 3736 ohci1394 - ok
08:46:01.0784 3736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:46:01.0800 3736 ose - ok
08:46:01.0893 3736 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:46:01.0940 3736 osppsvc - ok
08:46:01.0987 3736 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:46:02.0002 3736 p2pimsvc - ok
08:46:02.0018 3736 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:46:02.0018 3736 p2psvc - ok
08:46:02.0034 3736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:46:02.0034 3736 Parport - ok
08:46:02.0049 3736 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:46:02.0049 3736 partmgr - ok
08:46:02.0065 3736 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:46:02.0080 3736 PcaSvc - ok
08:46:02.0096 3736 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:46:02.0096 3736 pci - ok
08:46:02.0096 3736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:46:02.0112 3736 pciide - ok
08:46:02.0112 3736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:46:02.0112 3736 pcmcia - ok
08:46:02.0127 3736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:46:02.0127 3736 pcw - ok
08:46:02.0143 3736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:46:02.0174 3736 PEAUTH - ok
08:46:02.0205 3736 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:46:02.0221 3736 PeerDistSvc - ok
08:46:02.0236 3736 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:46:02.0252 3736 PerfHost - ok
08:46:02.0314 3736 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:46:02.0346 3736 pla - ok
08:46:02.0361 3736 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:46:02.0361 3736 PlugPlay - ok
08:46:02.0377 3736 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:46:02.0377 3736 PNRPAutoReg - ok
08:46:02.0392 3736 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:46:02.0392 3736 PNRPsvc - ok
08:46:02.0408 3736 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
08:46:02.0408 3736 Point64 - ok
08:46:02.0424 3736 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:46:02.0455 3736 PolicyAgent - ok
08:46:02.0455 3736 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:46:02.0486 3736 Power - ok
08:46:02.0486 3736 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:46:02.0502 3736 PptpMiniport - ok
08:46:02.0517 3736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:46:02.0517 3736 Processor - ok
08:46:02.0533 3736 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:46:02.0548 3736 ProfSvc - ok
08:46:02.0564 3736 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:46:02.0564 3736 ProtectedStorage - ok
08:46:02.0580 3736 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:46:02.0595 3736 Psched - ok
08:46:02.0626 3736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:46:02.0642 3736 ql2300 - ok
08:46:02.0689 3736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:46:02.0704 3736 ql40xx - ok
08:46:02.0704 3736 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:46:02.0720 3736 QWAVE - ok
08:46:02.0736 3736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:46:02.0736 3736 QWAVEdrv - ok
08:46:02.0736 3736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:46:02.0767 3736 RasAcd - ok
08:46:02.0767 3736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:46:02.0782 3736 RasAgileVpn - ok
08:46:02.0798 3736 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:46:02.0814 3736 RasAuto - ok
08:46:02.0829 3736 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:46:02.0845 3736 Rasl2tp - ok
08:46:02.0860 3736 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:46:02.0876 3736 RasMan - ok
08:46:02.0892 3736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:46:02.0907 3736 RasPppoe - ok
08:46:02.0923 3736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:46:02.0938 3736 RasSstp - ok
08:46:02.0954 3736 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:46:02.0970 3736 rdbss - ok
08:46:02.0985 3736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:46:02.0985 3736 rdpbus - ok
08:46:02.0985 3736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:46:03.0016 3736 RDPCDD - ok
08:46:03.0016 3736 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:46:03.0016 3736 RDPDR - ok
08:46:03.0016 3736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:46:03.0048 3736 RDPENCDD - ok
08:46:03.0048 3736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:46:03.0063 3736 RDPREFMP - ok
08:46:03.0079 3736 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:46:03.0079 3736 RDPWD - ok
08:46:03.0094 3736 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:46:03.0094 3736 rdyboost - ok
08:46:03.0110 3736 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:46:03.0126 3736 RemoteAccess - ok
08:46:03.0141 3736 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:46:03.0157 3736 RemoteRegistry - ok
08:46:03.0172 3736 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:46:03.0188 3736 RpcEptMapper - ok
08:46:03.0204 3736 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:46:03.0204 3736 RpcLocator - ok
08:46:03.0219 3736 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:46:03.0235 3736 RpcSs - ok
08:46:03.0250 3736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:46:03.0266 3736 rspndr - ok
08:46:03.0282 3736 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:46:03.0297 3736 RTL8167 - ok
08:46:03.0328 3736 rtl8192se (789c177a1529f0453c625c68a4ef2f00) C:\Windows\system32\DRIVERS\rtl8192se.sys
08:46:03.0344 3736 rtl8192se - ok
08:46:03.0344 3736 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:46:03.0344 3736 s3cap - ok
08:46:03.0360 3736 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:46:03.0360 3736 SamSs - ok
08:46:03.0375 3736 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:46:03.0375 3736 sbp2port - ok
08:46:03.0391 3736 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:46:03.0406 3736 SCardSvr - ok
08:46:03.0406 3736 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:46:03.0438 3736 scfilter - ok
08:46:03.0453 3736 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:46:03.0484 3736 Schedule - ok
08:46:03.0500 3736 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:46:03.0516 3736 SCPolicySvc - ok
08:46:03.0531 3736 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:46:03.0531 3736 SDRSVC - ok
08:46:03.0531 3736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:46:03.0562 3736 secdrv - ok
08:46:03.0562 3736 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:46:03.0578 3736 seclogon - ok
08:46:03.0594 3736 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:46:03.0609 3736 SENS - ok
08:46:03.0609 3736 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:46:03.0625 3736 SensrSvc - ok
08:46:03.0625 3736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:46:03.0625 3736 Serenum - ok
08:46:03.0640 3736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:46:03.0640 3736 Serial - ok
08:46:03.0640 3736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:46:03.0656 3736 sermouse - ok
08:46:03.0672 3736 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:46:03.0687 3736 SessionEnv - ok
08:46:03.0687 3736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:46:03.0687 3736 sffdisk - ok
08:46:03.0703 3736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:46:03.0703 3736 sffp_mmc - ok
08:46:03.0703 3736 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:46:03.0718 3736 sffp_sd - ok
08:46:03.0718 3736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:46:03.0718 3736 sfloppy - ok
08:46:03.0734 3736 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:46:03.0765 3736 ShellHWDetection - ok
08:46:03.0765 3736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:46:03.0765 3736 SiSRaid2 - ok
08:46:03.0781 3736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:46:03.0796 3736 SiSRaid4 - ok
08:46:03.0796 3736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:46:03.0828 3736 Smb - ok
08:46:03.0828 3736 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:46:03.0828 3736 SNMPTRAP - ok
08:46:03.0828 3736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:46:03.0843 3736 spldr - ok
08:46:03.0859 3736 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:46:03.0874 3736 Spooler - ok
08:46:03.0952 3736 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:46:03.0999 3736 sppsvc - ok
08:46:04.0030 3736 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:46:04.0046 3736 sppuinotify - ok
08:46:04.0062 3736 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:46:04.0077 3736 srv - ok
08:46:04.0093 3736 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:46:04.0093 3736 srv2 - ok
08:46:04.0108 3736 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:46:04.0108 3736 srvnet - ok
08:46:04.0124 3736 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:46:04.0140 3736 SSDPSRV - ok
08:46:04.0155 3736 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:46:04.0171 3736 SstpSvc - ok
08:46:04.0186 3736 Stereo Service (284303d0b36d7825851a8ad752439e3b) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:46:04.0202 3736 Stereo Service - ok
08:46:04.0202 3736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:46:04.0202 3736 stexstor - ok
08:46:04.0218 3736 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:46:04.0233 3736 stisvc - ok
08:46:04.0249 3736 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:46:04.0249 3736 storflt - ok
08:46:04.0249 3736 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:46:04.0264 3736 StorSvc - ok
08:46:04.0264 3736 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:46:04.0264 3736 storvsc - ok
08:46:04.0264 3736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:46:04.0280 3736 swenum - ok
08:46:04.0280 3736 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:46:04.0311 3736 swprv - ok
08:46:04.0342 3736 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:46:04.0374 3736 SysMain - ok
08:46:04.0405 3736 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:46:04.0420 3736 TabletInputService - ok
08:46:04.0436 3736 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:46:04.0452 3736 TapiSrv - ok
08:46:04.0467 3736 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:46:04.0483 3736 TBS - ok
08:46:04.0530 3736 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:46:04.0545 3736 Tcpip - ok
08:46:04.0623 3736 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:46:04.0654 3736 TCPIP6 - ok
08:46:04.0701 3736 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:46:04.0717 3736 tcpipreg - ok
08:46:04.0717 3736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:46:04.0717 3736 TDPIPE - ok
08:46:04.0732 3736 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:46:04.0732 3736 TDTCP - ok
08:46:04.0748 3736 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:46:04.0764 3736 tdx - ok
08:46:04.0779 3736 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:46:04.0779 3736 TermDD - ok
08:46:04.0810 3736 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:46:04.0826 3736 TermService - ok
08:46:04.0842 3736 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:46:04.0842 3736 Themes - ok
08:46:04.0857 3736 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:46:04.0873 3736 THREADORDER - ok
08:46:04.0888 3736 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:46:04.0904 3736 TrkWks - ok
08:46:04.0920 3736 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:46:04.0935 3736 TrustedInstaller - ok
08:46:04.0935 3736 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:46:04.0966 3736 tssecsrv - ok
08:46:04.0966 3736 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:46:04.0982 3736 TsUsbFlt - ok
08:46:04.0982 3736 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:46:04.0982 3736 TsUsbGD - ok
08:46:04.0998 3736 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:46:05.0013 3736 tunnel - ok
08:46:05.0029 3736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:46:05.0029 3736 uagp35 - ok
08:46:05.0044 3736 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:46:05.0060 3736 udfs - ok
08:46:05.0076 3736 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:46:05.0076 3736 UI0Detect - ok
08:46:05.0091 3736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:46:05.0091 3736 uliagpkx - ok
08:46:05.0091 3736 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:46:05.0107 3736 umbus - ok
08:46:05.0107 3736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:46:05.0107 3736 UmPass - ok
08:46:05.0122 3736 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:46:05.0122 3736 UmRdpService - ok
08:46:05.0138 3736 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:46:05.0169 3736 upnphost - ok
08:46:05.0169 3736 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:46:05.0169 3736 USBAAPL64 - ok
08:46:05.0185 3736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:46:05.0185 3736 usbccgp - ok
08:46:05.0200 3736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:46:05.0200 3736 usbcir - ok
08:46:05.0216 3736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:46:05.0216 3736 usbehci - ok
08:46:05.0232 3736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:46:05.0232 3736 usbhub - ok
08:46:05.0247 3736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:46:05.0247 3736 usbohci - ok
08:46:05.0247 3736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:46:05.0263 3736 usbprint - ok
08:46:05.0263 3736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:46:05.0278 3736 USBSTOR - ok
08:46:05.0278 3736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:46:05.0278 3736 usbuhci - ok
08:46:05.0294 3736 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:46:05.0310 3736 UxSms - ok
08:46:05.0325 3736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:46:05.0325 3736 VaultSvc - ok
08:46:05.0325 3736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:46:05.0341 3736 vdrvroot - ok
08:46:05.0356 3736 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:46:05.0372 3736 vds - ok
08:46:05.0372 3736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:46:05.0388 3736 vga - ok
08:46:05.0388 3736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:46:05.0419 3736 VgaSave - ok
08:46:05.0419 3736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:46:05.0434 3736 vhdmp - ok
08:46:05.0434 3736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:46:05.0434 3736 viaide - ok
08:46:05.0450 3736 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:46:05.0450 3736 vmbus - ok
08:46:05.0450 3736 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:46:05.0466 3736 VMBusHID - ok
08:46:05.0466 3736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:46:05.0481 3736 volmgr - ok
08:46:05.0481 3736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:46:05.0497 3736 volmgrx - ok
08:46:05.0512 3736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:46:05.0512 3736 volsnap - ok
08:46:05.0528 3736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:46:05.0528 3736 vsmraid - ok
08:46:05.0575 3736 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:46:05.0606 3736 VSS - ok
08:46:05.0637 3736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:46:05.0653 3736 vwifibus - ok
08:46:05.0653 3736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:46:05.0668 3736 vwififlt - ok
08:46:05.0684 3736 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:46:05.0700 3736 W32Time - ok
08:46:05.0700 3736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:46:05.0715 3736 WacomPen - ok
08:46:05.0731 3736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:46:05.0746 3736 WANARP - ok
08:46:05.0746 3736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:46:05.0762 3736 Wanarpv6 - ok
08:46:05.0793 3736 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:46:05.0809 3736 WatAdminSvc - ok
08:46:05.0856 3736 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:46:05.0871 3736 wbengine - ok
08:46:05.0902 3736 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:46:05.0918 3736 WbioSrvc - ok
08:46:05.0934 3736 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:46:05.0949 3736 wcncsvc - ok
08:46:05.0949 3736 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:46:05.0949 3736 WcsPlugInService - ok
08:46:05.0965 3736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:46:05.0965 3736 Wd - ok
08:46:05.0980 3736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:46:05.0996 3736 Wdf01000 - ok
08:46:05.0996 3736 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:46:06.0012 3736 WdiServiceHost - ok
08:46:06.0012 3736 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:46:06.0027 3736 WdiSystemHost - ok
08:46:06.0027 3736 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:46:06.0043 3736 WebClient - ok
08:46:06.0058 3736 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:46:06.0074 3736 Wecsvc - ok
08:46:06.0090 3736 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:46:06.0105 3736 wercplsupport - ok
08:46:06.0121 3736 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:46:06.0136 3736 WerSvc - ok
08:46:06.0136 3736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:46:06.0168 3736 WfpLwf - ok
08:46:06.0168 3736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:46:06.0168 3736 WIMMount - ok
08:46:06.0168 3736 WinDefend - ok
08:46:06.0168 3736 WinHttpAutoProxySvc - ok
08:46:06.0183 3736 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:46:06.0214 3736 Winmgmt - ok
08:46:06.0261 3736 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:46:06.0292 3736 WinRM - ok
08:46:06.0339 3736 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:46:06.0339 3736 WinUsb - ok
08:46:06.0355 3736 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:46:06.0370 3736 Wlansvc - ok
08:46:06.0386 3736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:46:06.0386 3736 WmiAcpi - ok
08:46:06.0402 3736 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:46:06.0402 3736 wmiApSrv - ok
08:46:06.0417 3736 WMPNetworkSvc - ok
08:46:06.0417 3736 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:46:06.0417 3736 WPCSvc - ok
08:46:06.0433 3736 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:46:06.0448 3736 WPDBusEnum - ok
08:46:06.0448 3736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:46:06.0464 3736 ws2ifsl - ok
08:46:06.0480 3736 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:46:06.0480 3736 wscsvc - ok
08:46:06.0495 3736 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:46:06.0495 3736 WSDPrintDevice - ok
08:46:06.0495 3736 WSearch - ok
08:46:06.0542 3736 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:46:06.0573 3736 wuauserv - ok
08:46:06.0636 3736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:46:06.0651 3736 WudfPf - ok
08:46:06.0667 3736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:46:06.0682 3736 WUDFRd - ok
08:46:06.0682 3736 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:46:06.0714 3736 wudfsvc - ok
08:46:06.0714 3736 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:46:06.0729 3736 WwanSvc - ok
08:46:06.0745 3736 wytqoddj (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\wytqoddj.sys
08:46:06.0745 3736 wytqoddj - ok
08:46:06.0745 3736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:46:06.0807 3736 \Device\Harddisk0\DR0 - ok
08:46:06.0823 3736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
08:46:06.0885 3736 \Device\Harddisk1\DR1 - ok
08:46:06.0916 3736 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR3
08:46:07.0010 3736 \Device\Harddisk2\DR3 - ok
08:46:07.0010 3736 Boot (0x1200) (856cd7687379e0802abed97959266f5e) \Device\Harddisk0\DR0\Partition0
08:46:07.0010 3736 \Device\Harddisk0\DR0\Partition0 - ok
08:46:07.0010 3736 Boot (0x1200) (d23e9890440fc279b9aa18be4e3d6743) \Device\Harddisk0\DR0\Partition1
08:46:07.0010 3736 \Device\Harddisk0\DR0\Partition1 - ok
08:46:07.0041 3736 Boot (0x1200) (a02206c9d50e4d49f02776dbc3570051) \Device\Harddisk1\DR1\Partition0
08:46:07.0041 3736 \Device\Harddisk1\DR1\Partition0 - ok
08:46:07.0041 3736 Boot (0x1200) (a80bbdd4cc545ae92942aca12017bf42) \Device\Harddisk2\DR3\Partition0
08:46:07.0041 3736 \Device\Harddisk2\DR3\Partition0 - ok
08:46:07.0041 3736 ============================================================
08:46:07.0041 3736 Scan finished
08:46:07.0041 3736 ============================================================
08:46:07.0041 2564 Detected object count: 1
08:46:07.0041 2564 Actual detected object count: 1
08:46:34.0170 2564 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:46:34.0170 2564 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:46:41.0564 4080 Deinitialize success

2) Farbar Service Scanner

Farbar Service Scanner Version: 05-06-2012
Ran by Joseph *REMOVED* (administrator) on 06-06-2012 at 08:50:08
Running from "D:\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

It would not let me put everything in one post because it was too long. Here is the rest.

3) OTL Scanner

OTL logfile created on: 6/6/2012 8:52:48 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = D:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.94 Gb Available Physical Memory | 87.00% Memory free
15.94 Gb Paging File | 14.58 Gb Available in Paging File | 91.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 37.03 Gb Free Space | 49.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 380.48 Gb Free Space | 81.69% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 182.14 Gb Free Space | 78.21% Space Free | Partition Type: exFAT

Computer Name: JOSEPH-PC | User Name: Joseph *REMOVED* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 08:51:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2012/06/06 08:49:51 | 000,338,059 | ---- | M] () -- D:\Desktop\FSS.exe
PRC - [2012/04/04 00:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat\Acrobat\acrotray.exe
PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/20 16:33:22 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 08:49:51 | 000,338,059 | ---- | M] () -- D:\Desktop\FSS.exe
MOD - [2012/05/22 20:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 20:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 20:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 20:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 20:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 20:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 20:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/11/10 21:08:32 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2010/11/20 22:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/13 20:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/04 20:58:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/09 23:26:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/20 16:33:22 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/05 22:40:23 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wytqoddj.sys -- (wytqoddj)
DRV:64bit: - [2012/06/05 22:27:35 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\exittbqx.sys -- (exittbqx)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/30 17:16:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/08 02:28:44 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2011/08/10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/20 17:07:08 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 10:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B D2 28 27 6F EB CC 01 [binary data]
IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2984130202-553733383-943653490-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joseph *REMOVED*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joseph *REMOVED*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Browser\WCFirefoxExtn [2012/04/10 15:51:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Entanglement = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Poppit = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Gmail = C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/03 09:38:53 | 000,000,821 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2984130202-553733383-943653490-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2984130202-553733383-943653490-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D58EE1BD-AD13-46F5-8C18-0214A6B9E1DB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAFA7B4E-030A-45E8-B97E-11F87FA26C5B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/06 08:51:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012/06/06 08:41:06 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- D:\Desktop\tdsskiller.exe
[2012/06/05 22:40:23 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wytqoddj.sys
[2012/06/05 22:27:35 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\exittbqx.sys
[2012/06/05 18:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/05 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/04 20:50:37 | 000,607,260 | R--- | C] (Swearware) -- D:\Desktop\dds.scr
[2012/06/04 20:35:24 | 004,731,392 | ---- | C] (AVAST Software) -- D:\Desktop\aswMBR.exe
[2012/06/03 12:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/06/03 12:52:26 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\QuickScan
[2012/06/03 12:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/03 12:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/03 11:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2012/06/03 10:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 10:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/03 10:06:13 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/03 10:06:13 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/03 10:06:11 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/03 10:06:11 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/03 10:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/31 21:08:30 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2012/05/31 18:56:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/28 18:07:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2012/05/28 18:07:30 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Empires Dawn of the Modern World
[2012/05/28 18:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empires Dawn of the Modern World
[2012/05/28 13:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/05/27 20:28:54 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\GameRanger
[2012/05/27 19:24:42 | 000,000,000 | ---D | C] -- D:\Documents\My Games
[2012/05/27 19:24:28 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft Games
[2012/05/27 19:24:26 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/05/27 19:21:11 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/27 19:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/27 19:08:41 | 000,000,000 | ---D | C] -- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/27 19:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/27 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/05/14 07:35:34 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/14 07:35:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/14 07:35:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/14 07:35:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/06 08:51:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012/06/06 08:49:51 | 000,338,059 | ---- | M] () -- D:\Desktop\FSS.exe
[2012/06/06 08:41:04 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- D:\Desktop\tdsskiller.exe
[2012/06/06 08:33:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004UA.job
[2012/06/06 08:32:58 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1000UA.job
[2012/06/06 08:32:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 08:32:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/05 23:10:06 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 23:10:06 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 22:40:23 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wytqoddj.sys
[2012/06/05 22:36:54 | 000,721,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/05 22:36:54 | 000,620,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/05 22:36:54 | 000,105,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/05 22:27:35 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\exittbqx.sys
[2012/06/05 22:26:46 | 2124,951,551 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/05 18:26:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/05 18:25:11 | 000,734,642 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/05 18:22:08 | 000,284,651 | ---- | M] () -- C:\ProgramData\1338938297.bdinstall.bin
[2012/06/05 09:07:27 | 000,111,582 | ---- | M] () -- C:\Users\Public\Desktop\bdsyslog.zip
[2012/06/04 22:09:10 | 001,012,656 | ---- | M] () -- D:\Desktop\rkill.exe
[2012/06/04 20:58:49 | 000,607,260 | R--- | M] (Swearware) -- D:\Desktop\dds.scr
[2012/06/04 20:35:43 | 004,731,392 | ---- | M] (AVAST Software) -- D:\Desktop\aswMBR.exe
[2012/06/04 20:10:19 | 000,000,168 | ---- | M] () -- C:\Users\Joseph *REMOVED*\defogger_reenable
[2012/06/04 15:36:52 | 000,000,600 | ---- | M] () -- C:\Users\Joseph *REMOVED*\AppData\Roaming\winscp.rnd
[2012/06/03 13:04:51 | 000,255,970 | ---- | M] () -- C:\ProgramData\1338745879.bdinstall.bin
[2012/06/03 12:56:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/03 11:13:33 | 000,000,000 | ---- | M] () -- C:\Users\Joseph *REMOVED*\copy
[2012/06/03 10:06:09 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/03 10:06:09 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/03 09:38:53 | 000,000,821 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/03 09:33:34 | 000,000,821 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ccebak
[2012/06/02 17:13:14 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004Core.job
[2012/06/02 11:13:39 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1000Core.job
[2012/05/28 18:07:30 | 000,000,762 | ---- | M] () -- C:\Windows\Edofma.INI
[2012/05/14 08:10:41 | 000,417,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/06 08:49:51 | 000,338,059 | ---- | C] () -- D:\Desktop\FSS.exe
[2012/06/05 18:25:12 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/05 18:22:08 | 000,284,651 | ---- | C] () -- C:\ProgramData\1338938297.bdinstall.bin
[2012/06/05 09:07:27 | 000,111,582 | ---- | C] () -- C:\Users\Public\Desktop\bdsyslog.zip
[2012/06/04 22:09:10 | 001,012,656 | ---- | C] () -- D:\Desktop\rkill.exe
[2012/06/04 20:10:19 | 000,000,168 | ---- | C] () -- C:\Users\Joseph *REMOVED*\defogger_reenable
[2012/06/03 13:04:51 | 000,255,970 | ---- | C] () -- C:\ProgramData\1338745879.bdinstall.bin
[2012/06/03 12:56:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/03 11:13:33 | 000,000,000 | ---- | C] () -- C:\Users\Joseph *REMOVED*\copy
[2012/05/28 18:03:35 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2012/05/27 20:28:58 | 000,001,063 | ---- | C] () -- C:\Users\Joseph *REMOVED*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2012/04/24 18:42:42 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/03 19:36:44 | 000,187,228 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/12 00:28:06 | 000,000,600 | ---- | C] () -- C:\Users\Joseph *REMOVED*\AppData\Roaming\winscp.rnd
[2012/01/09 23:27:00 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/01/09 22:23:38 | 000,007,605 | ---- | C] () -- C:\Users\Joseph *REMOVED*\AppData\Local\Resmon.ResmonCfg
[2012/01/09 21:06:42 | 000,734,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 21:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 22:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: TDX.SYS >
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Joseph\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Joseph\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Joseph\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Joseph\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\InstallInfo\\ShowIconsCommand: "C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\InstallInfo\\HideIconsCommand: "C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\InstallInfo\\ReinstallCommand: "C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\shell\open\command\\: "C:\Users\Joseph *REMOVED*\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/09 21:35:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/09 21:35:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/09 21:35:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/01/09 21:35:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/01/09 21:35:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JOSEPH\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JOSEPH\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JOSEPH\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JOSEPH\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE"
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\InstallInfo\\ShowIconsCommand: "C:\USERS\JOSEPH *REMOVED*\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\InstallInfo\\HideIconsCommand: "C:\USERS\JOSEPH *REMOVED*\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\InstallInfo\\ReinstallCommand: "C:\USERS\JOSEPH *REMOVED*\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Joseph *REMOVED*\shell\open\command\\: "C:\USERS\JOSEPH *REMOVED*\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/01/09 21:35:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/01/09 21:35:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/01/09 21:35:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/01/09 21:35:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/01/09 21:35:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

-----------------------------------------

OTL Extras logfile created on: 6/6/2012 8:52:48 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = D:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.94 Gb Available Physical Memory | 87.00% Memory free
15.94 Gb Paging File | 14.58 Gb Available in Paging File | 91.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 37.03 Gb Free Space | 49.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 380.48 Gb Free Space | 81.69% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 182.14 Gb Free Space | 78.21% Space Free | Partition Type: exFAT

Computer Name: JOSEPH-PC | User Name: Joseph *REMOVED* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2984130202-553733383-943653490-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Joseph *REMOVED*] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.48
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"DAEMON Tools Lite" = DAEMON Tools Lite
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"HandBrake" = HandBrake 0.9.5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Ship Simulator Extremes_is1" = Ship Simulator Extremes
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"winscp3_is1" = WinSCP 4.3.6
"XRECODE_is1" = XRECODE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2984130202-553733383-943653490-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

=========================================================

4) Computer status and behavior

As far as I can tell, the computer is behaving the same as mentioned in the original post. Google gets redirected on searches (or the page will not even load--only Google), until an anti-virus program quarantines what it believes to be infected files. I'm not sure if the two are related, but they do happen in conjunction with one another.

#5 SweetTech

Posted 06 June 2012 - 10:24 AM

Hi Jemro!

Thank you for your reply, ST. I backed up all of my data to a removable hard drive yesterday because I feared that I might have to reformat the drive in order to solve this problem. However, let's try some of your steps before doing that.

Okay, let's see what we can do. :)

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKLM..\Run: [] File not found
    [2012/06/05 22:40:23 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wytqoddj.sys
    [2012/06/05 22:27:35 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\exittbqx.sys
    [2012/05/31 18:56:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/06/05 22:27:35 | 000,050,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\exittbqx.sys
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


Let me know how the above goes.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
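The two OTL entries in the fix above, and the FRST driver lines later in this thread, share one pattern: an 8-letter random .sys name in a drivers folder, exactly 50000 bytes, with a claimed "Microsoft Corporation" vendor string. The Python script below is an added example, not part of this thread or of the OTL/FRST tools; its heuristic is an assumption drawn only from the entries quoted in this thread, and the sample lines are constructed from those entries.

```python
"""Triage helper for OTL / FRST log lines (added example, not part of either tool).

The heuristic is an assumption drawn from this thread: every driver targeted
by the fix is an 8-letter random name under a drivers folder, is exactly 50000
bytes, and carries a spoofed "Microsoft Corporation" vendor string.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL created-file line, e.g.
# [2012/06/05 22:40:23 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\...\wytqoddj.sys
OTL_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"[-A-Z]{4} \| [CM]\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)
# FRST driver line, e.g.
# 1 bsjjbqst; C:\Windows\System32\Drivers\bsjjbqst.sys [50000 2012-06-06] (Microsoft Corporation)
FRST_RE = re.compile(
    r"^\d+ [^;]+; (?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<vendor>[^)]*)\))?$"
)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
ROGUE_SIZE = 50000  # size shared by all four rogue drivers in this thread


@dataclass
class FileEntry:
    path: str
    size: int
    vendor: str
    date: str


def parse_line(line: str) -> Optional[FileEntry]:
    """Parse one OTL created-file line or one FRST driver line; None for anything else."""
    line = line.strip()
    for rx in (OTL_RE, FRST_RE):
        m = rx.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            return FileEntry(m.group("path"), size, m.group("vendor") or "", m.group("date"))
    return None


def suspicion_reasons(entry: FileEntry) -> List[str]:
    """Reasons an entry matches the rogue-driver pattern; empty list if it does not."""
    path = entry.path.lower()
    if "\\drivers\\" not in path or not path.endswith(".sys"):
        return []
    stem = path.rsplit("\\", 1)[-1][:-len(".sys")]
    if not RANDOM_NAME_RE.match(stem):
        return []
    reasons = ["random-looking 8-letter name"]
    if entry.size == ROGUE_SIZE:
        reasons.append("size exactly %d bytes" % ROGUE_SIZE)
    if "microsoft" in entry.vendor.lower():
        reasons.append("claims Microsoft Corporation as vendor")
    # A random-looking name alone is not enough: mvusbews.sys in this very log is a
    # legitimate Marvell driver. Require at least one corroborating trait.
    return reasons if len(reasons) >= 2 else []


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsable line that trips the heuristic."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = suspicion_reasons(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


# Sample input constructed from lines quoted in this thread (OTL and FRST formats mixed).
SAMPLE_LINES = [
    r"[2012/06/05 22:40:23 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wytqoddj.sys",
    r"[2012/06/05 22:27:35 | 000,050,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\exittbqx.sys",
    r"[2012/05/31 18:56:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%",
    r"1 bsjjbqst; C:\Windows\System32\Drivers\bsjjbqst.sys [50000 2012-06-06] (Microsoft Corporation)",
    r"1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-01-30] (DT Soft Ltd)",
    r"1 fyazkxup; C:\Windows\System32\Drivers\fyazkxup.sys [50000 2012-06-06] (Microsoft Corporation)",
    r"3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-07] (Marvell Semiconductor, Inc.)",
    r"3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)",
    r"3 MSICDSetup; \??\D:\CDriver64.sys [x]",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```

Run it against a full OTL or FRST log by feeding the file's lines to triage(); unparsable lines are skipped rather than guessed at.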


#6 Jemro

Posted 06 June 2012 - 03:49 PM

1) OTL Log


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File move failed. C:\Windows\SysNative\drivers\wytqoddj.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\exittbqx.sys scheduled to be moved on reboot.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
File move failed. C:\Windows\SysNative\drivers\exittbqx.sys scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
D:\Desktop\cmd.bat deleted successfully.
D:\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Desktop\cmd.bat deleted successfully.
D:\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Joseph *REMOVED*
->Flash cache emptied: 2058 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Joseph *REMOVED*
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.46.1 log created on 06062012_153048

Files\Folders moved on Reboot...
File\Folder C:\Windows\SysNative\drivers\wytqoddj.sys not found!
File\Folder C:\Windows\SysNative\drivers\exittbqx.sys not found!

Registry entries deleted on Reboot...

2) ComboFix

I ran ComboFix with no error message; however, I could not find the log. I searched in the D and C drive. My desktop is saved on the D drive, so I searched it more thoroughly. The log is either saved in an obscure place or was not generated.

#7 SweetTech

Posted 07 June 2012 - 01:14 AM

Hi!

Can you check to see if it's located in your D drive named ComboFix.txt?

If it's not there, please go ahead and run a new scan with ComboFix, and post the log it produces.

-ST.



#8 Jemro

Posted 07 June 2012 - 07:47 AM

It is not there. I ran multiple scans trying to get the thing to produce a report. I ran a full search on both drives for anything called "ComboFix." The only thing that was found was the .exe file on the desktop. I also manually looked in every folder I could find on the D drive and in all folders on the C drive. I see no evidence of a log from ComboFix.

Edited by Jemro, 07 June 2012 - 07:48 AM.


#9 SweetTech

Posted 07 June 2012 - 08:00 AM

Okay.

Do you have access to a USB flash drive? I have a feeling you may be infected with a new version of ZeroAccess.

Running FRST

For x64 bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#10 Jemro

Posted 07 June 2012 - 08:11 AM

Aren't I lucky to get the new and improved version of the evil virus? Anyway, ST, that worked and I was able to generate a log.

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 08:08:31
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6612072 2011-03-06] (Realtek Semiconductor)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrobat_sl.exe" [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrotray.exe" [x]
HKLM-x32\...\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Joseph *NAME*\...\Run: [Google Update] "C:\Users\Joseph *NAME*\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-09] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-01-09] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 bsjjbqst; C:\Windows\System32\Drivers\bsjjbqst.sys [50000 2012-06-06] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-01-30] (DT Soft Ltd)
1 fyazkxup; C:\Windows\System32\Drivers\fyazkxup.sys [50000 2012-06-06] (Microsoft Corporation)
3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [32344 2009-11-17] (Creative Technology Ltd.)
3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-07] (Marvell Semiconductor, Inc.)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)
3 MSICDSetup; \??\D:\CDriver64.sys [x]
0 nmfmfx; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-07 08:08 - 2012-06-07 08:08 - 00000000 ____D C:\FRST
2012-06-06 18:09 - 2012-06-06 18:09 - 00002696 ____A C:\Users\Joseph *NAME*\AppData\Local\recently-used.xbel
2012-06-06 16:15 - 2012-06-06 16:15 - 00000000 ____D C:\Users\Joseph *NAME*\.thumbnails
2012-06-06 15:52 - 2012-06-06 18:10 - 00000000 ____D C:\Users\Joseph *NAME*\.gimp-2.8
2012-06-06 15:52 - 2012-06-06 15:52 - 00000000 ____D C:\Users\Joseph *NAME*\AppData\Local\gegl-0.2
2012-06-06 15:52 - 2012-06-06 15:52 - 00000000 ____D C:\Users\Joseph *NAME*\AppData\Local\fontconfig
2012-06-06 15:43 - 2012-06-06 15:43 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fyazkxup.sys
2012-06-06 15:43 - 2012-06-06 15:43 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bsjjbqst.sys
2012-06-06 15:21 - 2012-06-06 15:28 - 00000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\TeamViewer
2012-06-06 15:15 - 2012-06-06 15:15 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-06-06 15:15 - 2012-06-06 15:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-06-06 14:56 - 2012-06-06 14:56 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-06-06 12:59 - 2012-06-06 12:59 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 12:40 - 2012-06-06 12:50 - 00000000 ___SD C:\32788R22FWJFW
2012-06-06 05:43 - 2012-06-06 05:46 - 00247212 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_08.43.43_log.txt
2012-06-05 15:25 - 2012-06-05 15:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-05 15:25 - 2012-06-05 15:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-05 15:22 - 2012-06-05 15:22 - 00284651 ____A C:\Users\All Users\1338938297.bdinstall.bin
2012-06-05 06:07 - 2012-06-05 06:07 - 00111582 ____A C:\Users\Public\Desktop\bdsyslog.zip
2012-06-04 19:12 - 2012-06-04 19:12 - 00000361 ____A C:\rkill.log
2012-06-04 17:10 - 2012-06-04 17:10 - 00000168 ____A C:\Users\Joseph *NAME*\defogger_reenable
2012-06-03 10:45 - 2012-06-05 15:18 - 00009072 ____A C:\bdlog.txt
2012-06-03 10:04 - 2012-06-03 10:04 - 00255970 ____A C:\Users\All Users\1338745879.bdinstall.bin
2012-06-03 09:56 - 2012-06-05 13:35 - 00000376 ____A C:\Users\Joseph *NAME*\AppData\Roamingprivacy.xml
2012-06-03 09:56 - 2012-06-04 13:32 - 00000000 ____D C:\Users\All Users\BDLogging
2012-06-03 09:56 - 2012-06-03 09:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-06-03 09:52 - 2012-06-03 09:52 - 00000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\QuickScan
2012-06-03 09:22 - 2012-06-03 09:22 - 00000000 ____D C:\Users\All Users\ESET
2012-06-03 09:22 - 2012-06-03 09:22 - 00000000 ____D C:\Program Files\ESET
2012-06-03 08:58 - 2012-06-03 08:58 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-06-03 08:26 - 2012-06-04 19:13 - 00506494 ____A C:\Windows\ntbtlog.txt
2012-06-03 08:20 - 2012-06-07 05:05 - 00428927 ____A C:\Windows\WindowsUpdate.log
2012-06-03 08:18 - 2012-06-06 15:42 - 00018284 ____A C:\Windows\PFRO.log
2012-06-03 08:18 - 2012-06-06 15:42 - 00001531 ____A C:\Windows\setupact.log
2012-06-03 08:18 - 2012-06-03 08:18 - 00000000 ____A C:\Windows\setuperr.log
2012-06-03 08:13 - 2012-06-03 08:13 - 00000000 ____A C:\Users\Joseph *NAME*\copy
2012-06-03 07:06 - 2012-06-03 07:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-03 07:06 - 2012-06-03 07:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-03 07:06 - 2012-06-03 07:06 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-03 07:06 - 2012-06-03 07:06 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-03 07:06 - 2012-04-04 15:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-03 07:06 - 2012-04-04 15:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-03 06:33 - 2012-06-03 06:33 - 00000821 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-05-31 18:08 - 2012-06-03 06:08 - 00000000 ____D C:\CCE_Quarantine
2012-05-28 15:07 - 2003-04-18 15:29 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2012-05-28 15:03 - 2012-05-28 15:07 - 00000762 ____A C:\Windows\Edofma.INI
2012-05-28 10:52 - 2012-05-28 10:52 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-27 17:28 - 2012-05-27 17:28 - 00000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\GameRanger
2012-05-27 16:24 - 2012-05-27 16:24 - 00000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\Microsoft Games
2012-05-27 16:08 - 2012-05-27 16:08 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-05-14 04:35 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-14 04:35 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-14 04:35 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-14 04:35 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 04:35 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-14 04:35 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-14 04:35 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-14 04:34 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

============ 3 Months Modified Files and Folders =============

2012-06-07 05:05 - 2012-06-03 08:20 - 0428927 ____A C:\Windows\WindowsUpdate.log
2012-06-07 05:05 - 2012-01-09 20:18 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\BitTorrent
2012-06-07 05:05 - 2009-07-13 21:13 - 0721264 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-07 05:04 - 2012-01-10 07:59 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1000UA.job
2012-06-07 05:03 - 2012-04-03 06:36 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-07 04:42 - 2012-01-09 19:12 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004UA.job
2012-06-06 18:10 - 2012-06-06 15:52 - 0000000 ____D C:\Users\Joseph *NAME*\.gimp-2.8
2012-06-06 18:09 - 2012-06-06 18:09 - 0002696 ____A C:\Users\Joseph *NAME*\AppData\Local\recently-used.xbel
2012-06-06 16:15 - 2012-06-06 16:15 - 0000000 ____D C:\Users\Joseph *NAME*\.thumbnails
2012-06-06 16:15 - 2012-01-09 18:58 - 0000000 ____D C:\users\Joseph *NAME*
2012-06-06 15:52 - 2012-06-06 15:52 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Local\gegl-0.2
2012-06-06 15:52 - 2012-06-06 15:52 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Local\fontconfig
2012-06-06 15:49 - 2009-07-13 20:45 - 0020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-06 15:49 - 2009-07-13 20:45 - 0020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-06 15:43 - 2012-06-06 15:43 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fyazkxup.sys
2012-06-06 15:43 - 2012-06-06 15:43 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bsjjbqst.sys
2012-06-06 15:42 - 2012-06-03 08:18 - 0018284 ____A C:\Windows\PFRO.log
2012-06-06 15:42 - 2012-06-03 08:18 - 0001531 ____A C:\Windows\setupact.log
2012-06-06 15:42 - 2012-01-10 09:24 - 2124951552 __ASH C:\hiberfil.sys
2012-06-06 15:42 - 2012-01-09 18:09 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-06-06 15:42 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-06 15:42 - 2009-07-13 20:45 - 0417920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-06 15:28 - 2012-06-06 15:21 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\TeamViewer
2012-06-06 15:15 - 2012-06-06 15:15 - 0001162 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-06-06 15:15 - 2012-06-06 15:15 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-06-06 14:56 - 2012-06-06 14:56 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-06-06 14:54 - 2012-01-09 18:58 - 0109624 ____A C:\Users\Joseph *NAME*\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-06 13:06 - 2012-01-09 19:12 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004Core.job
2012-06-06 12:59 - 2012-06-06 12:59 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 12:50 - 2012-06-06 12:40 - 0000000 ___SD C:\32788R22FWJFW
2012-06-06 12:50 - 2009-07-13 21:08 - 0032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-06 12:35 - 2009-07-13 18:34 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2012-06-06 12:25 - 2012-01-10 07:59 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1000Core.job
2012-06-06 05:46 - 2012-06-06 05:43 - 0247212 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_08.43.43_log.txt
2012-06-05 15:26 - 2012-01-09 18:06 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-05 15:25 - 2012-06-05 15:25 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-05 15:25 - 2012-06-05 15:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-05 15:25 - 2012-01-09 18:06 - 0734642 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-05 15:22 - 2012-06-05 15:22 - 0284651 ____A C:\Users\All Users\1338938297.bdinstall.bin
2012-06-05 15:18 - 2012-06-03 10:45 - 0009072 ____A C:\bdlog.txt
2012-06-05 13:35 - 2012-06-03 09:56 - 0000376 ____A C:\Users\Joseph *NAME*\AppData\Roamingprivacy.xml
2012-06-05 06:07 - 2012-06-05 06:07 - 0111582 ____A C:\Users\Public\Desktop\bdsyslog.zip
2012-06-04 19:13 - 2012-06-03 08:26 - 0506494 ____A C:\Windows\ntbtlog.txt
2012-06-04 19:12 - 2012-06-04 19:12 - 0000361 ____A C:\rkill.log
2012-06-04 17:10 - 2012-06-04 17:10 - 0000168 ____A C:\Users\Joseph *NAME*\defogger_reenable
2012-06-04 13:32 - 2012-06-03 09:56 - 0000000 ____D C:\Users\All Users\BDLogging
2012-06-04 13:03 - 2012-01-11 21:01 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-04 12:36 - 2012-01-11 21:28 - 0000600 ____A C:\Users\Joseph *NAME*\AppData\Roaming\winscp.rnd
2012-06-03 11:19 - 2012-01-30 14:15 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\DAEMON Tools Lite
2012-06-03 11:12 - 2012-01-10 11:59 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Local\ElevatedDiagnostics
2012-06-03 11:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-06-03 10:04 - 2012-06-03 10:04 - 0255970 ____A C:\Users\All Users\1338745879.bdinstall.bin
2012-06-03 09:56 - 2012-06-03 09:56 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-06-03 09:53 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-03 09:52 - 2012-06-03 09:52 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\QuickScan
2012-06-03 09:22 - 2012-06-03 09:22 - 0000000 ____D C:\Users\All Users\ESET
2012-06-03 09:22 - 2012-06-03 09:22 - 0000000 ____D C:\Program Files\ESET
2012-06-03 08:58 - 2012-06-03 08:58 - 0000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-06-03 08:18 - 2012-06-03 08:18 - 0000000 ____A C:\Windows\setuperr.log
2012-06-03 08:13 - 2012-06-03 08:13 - 0000000 ____A C:\Users\Joseph *NAME*\copy
2012-06-03 07:06 - 2012-06-03 07:06 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-03 07:06 - 2012-06-03 07:06 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-03 07:06 - 2012-06-03 07:06 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-06-03 07:06 - 2012-06-03 07:06 - 0000000 ____D C:\Program Files (x86)\Java
2012-06-03 07:06 - 2012-01-09 18:58 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\LocalLow
2012-06-03 06:33 - 2012-06-03 06:33 - 0000821 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-06-03 06:31 - 2012-03-18 07:50 - 0000000 ____D C:\Windows\Minidump
2012-06-03 06:08 - 2012-05-31 18:08 - 0000000 ____D C:\CCE_Quarantine
2012-05-28 15:07 - 2012-05-28 15:03 - 0000762 ____A C:\Windows\Edofma.INI
2012-05-28 10:52 - 2012-05-28 10:52 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-27 17:28 - 2012-05-27 17:28 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\GameRanger
2012-05-27 16:24 - 2012-05-27 16:24 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\Microsoft Games
2012-05-27 16:09 - 2012-01-15 16:49 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\WinRAR
2012-05-27 16:08 - 2012-05-27 16:08 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-14 04:54 - 2012-01-09 20:23 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-14 04:54 - 2012-01-09 18:24 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-14 04:54 - 2012-01-09 18:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 04:53 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-14 04:29 - 2012-01-09 18:04 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-05-04 21:21 - 2012-05-04 21:17 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\Quest3D
2012-05-04 17:58 - 2012-04-23 14:58 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 17:58 - 2012-04-03 06:36 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 17:58 - 2012-01-25 06:57 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-24 15:42 - 2012-04-24 15:42 - 0000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2012-04-24 15:42 - 2012-04-24 15:42 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-04-24 15:42 - 2012-01-10 07:46 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-19 18:12 - 2012-04-19 18:12 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_mvusbews_01007.Wdf
2012-04-08 08:42 - 2012-04-08 08:41 - 0000000 ____D C:\Program Files\iTunes
2012-04-08 08:41 - 2012-04-08 08:41 - 0000000 ____D C:\Program Files\iPod
2012-04-04 15:47 - 2012-06-03 07:06 - 0772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 15:47 - 2012-06-03 07:06 - 0227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 15:47 - 2012-01-15 12:27 - 0687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-02 12:10 - 2012-04-02 12:08 - 0000000 ____D C:\Users\Joseph *NAME*\AppData\Roaming\Trillian
2012-03-30 22:05 - 2012-05-14 04:35 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-14 04:35 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-14 04:35 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-14 04:35 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-14 04:34 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-18 07:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-03-16 23:58 - 2012-05-14 04:35 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\00000004.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\1afb2d56
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\201d3dde
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\00000004.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\00000008.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\000000cb.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000000.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000032.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8163.34 MB
Available physical RAM: 7364.89 MB
Total Pagefile: 8161.54 MB
Available Pagefile: 7358.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.43 GB) (Free:38.9 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:378.92 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:3.82 GB) (Free:2.59 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online           74 GB      0 B
  Disk 1    Online          465 GB      0 B
  Disk 2    Online         3920 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary             74 GB   101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition     74 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    465 GB  Healthy

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3919 MB   344 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   USB DISK     FAT32  Removable   3919 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-31 10:09

======================= End Of Log ==========================

#11 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:23 PM

Posted 07 June 2012 - 08:21 AM

Hi Jemro!

Aren't I lucky to get the new and improved version of the evil virus? Anyway, ST, that worked and I was able to generate a log.

Yes, this new variant can be a pain to remove.

Run this fix below, followed by attempting to run ComboFix again.

Let's see how that goes.

Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
1 bsjjbqst; C:\Windows\System32\Drivers\bsjjbqst.sys [50000 2012-06-06] (Microsoft Corporation)
1 fyazkxup; C:\Windows\System32\Drivers\fyazkxup.sys [50000 2012-06-06] (Microsoft Corporation)
3 MSICDSetup; \??\D:\CDriver64.sys [x]
0 nmfmfx; [x]
2012-06-06 15:43 - 2012-06-06 15:43 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fyazkxup.sys
2012-06-06 15:43 - 2012-06-06 15:43 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bsjjbqst.sys
2012-06-06 12:59 - 2012-06-06 12:59 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 15:43 - 2012-06-06 15:43 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fyazkxup.sys
2012-06-06 15:43 - 2012-06-06 15:43 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bsjjbqst.sys
2012-06-06 12:59 - 2012-06-06 12:59 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\00000004.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\1afb2d56
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\201d3dde
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\00000004.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\00000008.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\000000cb.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000000.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000032.@
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000064.@

end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Jemro

  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:23 PM

Posted 07 June 2012 - 08:40 AM

Good news! I was able to run the fix. ComboFix ran and generated a log (I see now that it was not fully running before), and at least I can use Google again. The quarantine was no longer working.

1) ComboFix

ComboFix 12-06-06.02 - Joseph *NAME* 06/07/2012 8:33:19.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8163.6886 [GMT -5:00]
Running from: D:\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\1338745879.bdinstall.bin
C:\ProgramData\1338938297.bdinstall.bin
C:\Users\Joseph *NAME*\AppData\Roaming\Roaming
C:\Users\Joseph *NAME*\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\XSxS


((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))


2012-06-07 16:08:22 . 2012-06-07 16:08:42 -------- d-----w- C:\FRST
2012-06-07 13:36:35 . 2012-06-07 13:36:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC40E4FD-3520-424A-90CC-368F44287266}\offreg.dll
2012-06-07 00:15:18 . 2012-06-07 00:15:18 -------- d-----w- C:\Users\Joseph *NAME*\.thumbnails
2012-06-06 23:53:27 . 2012-05-08 15:02:24 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC40E4FD-3520-424A-90CC-368F44287266}\mpengine.dll
2012-06-06 23:52:41 . 2012-06-07 02:10:37 -------- d-----w- C:\Users\Joseph *NAME*\.gimp-2.8
2012-06-06 23:52:41 . 2012-06-06 23:52:41 -------- d-----w- C:\Users\Joseph *NAME*\AppData\Local\gegl-0.2
2012-06-06 23:52:41 . 2012-06-06 23:52:41 -------- d-----w- C:\Users\Joseph *NAME*\AppData\Local\fontconfig
2012-06-06 23:21:09 . 2012-06-06 23:28:02 -------- d-----w- C:\Users\Joseph *NAME*\AppData\Roaming\TeamViewer
2012-06-06 23:15:47 . 2012-06-06 23:15:47 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-06-06 22:56:14 . 2012-06-06 22:56:14 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-06 20:52:17 . 2012-05-08 15:02:24 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 23:26:23 . 2012-06-05 23:26:20 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DA83DC8-EFE4-4086-B17D-E2165119C6CC}\gapaengine.dll
2012-06-05 23:25:10 . 2012-06-05 23:25:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-05 23:25:08 . 2012-06-05 23:25:12 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-03 17:56:26 . 2012-06-04 21:32:20 -------- d-----w- C:\ProgramData\BDLogging
2012-06-03 17:52:26 . 2012-06-03 17:52:26 -------- d-----w- C:\Users\Joseph *NAME*\AppData\Roaming\QuickScan
2012-06-03 17:22:59 . 2012-06-03 17:22:59 -------- d-----w- C:\Program Files\ESET
2012-06-03 16:58:35 . 2012-06-03 16:58:35 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-06-03 15:06:28 . 2012-06-03 15:06:28 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-06-03 15:06:19 . 2012-06-03 15:06:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-03 15:06:13 . 2012-04-04 23:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-03 15:06:08 . 2012-06-03 15:06:08 -------- d-----w- C:\Program Files (x86)\Java
2012-06-01 02:08:30 . 2012-06-03 14:08:47 -------- d-----w- C:\CCE_Quarantine
2012-05-28 23:07:30 . 2003-04-18 23:29:26 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2012-05-28 18:52:28 . 2012-05-28 18:52:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-28 01:28:54 . 2012-05-28 01:28:58 -------- d-----w- C:\Users\Joseph *NAME*\AppData\Roaming\GameRanger
2012-05-28 00:24:28 . 2012-05-28 00:24:28 -------- d-----w- C:\Users\Joseph *NAME*\AppData\Roaming\Microsoft Games
2012-05-14 12:35:34 . 2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-14 12:35:34 . 2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-14 12:35:33 . 2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-05-14 12:35:33 . 2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-14 12:35:33 . 2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-14 12:35:33 . 2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\system32\win32k.sys
2012-05-14 12:35:03 . 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-05-14 12:34:43 . 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-05-14 12:34:42 . 2012-03-31 05:42:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-14 12:34:42 . 2012-03-31 05:40:32 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-14 12:34:42 . 2012-03-31 05:40:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 12:34:42 . 2012-03-31 05:40:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-14 12:34:42 . 2012-03-31 04:29:48 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-05 01:58:22 . 2012-04-03 14:36:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 01:58:22 . 2012-01-25 14:57:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 01:58:10 . 2012-04-23 22:58:05 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 23:47:02 . 2012-01-15 20:27:00 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-21 01:44:12 . 2012-03-21 01:44:12 98688 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 . 2012-03-21 01:44:12 203888 ----a-w- C:\Windows\system32\drivers\MpFilter.sys


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2009-07-14 01:39:37 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 01:39:37 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\system32\services.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"BCSSync"="D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 23:22:24 91520]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Adobe Acrobat Speed Launcher"="D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrobat_sl.exe" [2012-04-04 05:53:56 36760]
"Acrobat Assistant 8.0"="D:\Program Files (x86)\Adobe\Acrobat\Acrobat\Acrotray.exe" [2012-04-04 05:53:56 815512]
"iTunesHelper"="D:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 10:09:24 421736]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 16:07:54 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 12:01:00 2214504]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 01:58:23 257696]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 23:49:56 291696]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 02:34:24 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-20 21:33:22 378472]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 11:38:47 2666880]
S3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys [x]


Contents of the 'Scheduled Tasks' folder

2012-06-07 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:36:30 . 2012-05-05 01:58:23]

2012-06-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004Core.job
- C:\Users\Joseph *NAME*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 03:12:43 . 2012-01-10 03:12:37]

2012-06-07 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004UA.job
- C:\Users\Joseph *NAME*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 03:12:43 . 2012-01-10 03:12:37]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-07 05:44:40 6612072]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 22:40:58 1873256]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 21:59:06 2417032]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-26 23:54:34 1271168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FRST

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 2012-06-07 08:30:48 Run:1
Running from G:\

==============================================

bsjjbqst service not found.
fyazkxup service not found.
MSICDSetup service deleted successfully.
nmfmfx service deleted successfully.
C:\Windows\System32\Drivers\fyazkxup.sys not found.
C:\Windows\System32\Drivers\bsjjbqst.sys not found.
C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Windows\System32\Drivers\fyazkxup.sys not found.
C:\Windows\System32\Drivers\bsjjbqst.sys not found.
C:\Windows\SysWOW64\%APPDATA% not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e} moved successfully.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\00000004.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\1afb2d56 not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\201d3dde not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\00000004.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\00000008.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\000000cb.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000000.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000032.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000064.@ not found.

==== End of Fixlog ====
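The FRST fixlog above names the locations that mark a Sirefef (ZeroAccess) infection on this machine: the directory literally called `%APPDATA%` under SysWOW64, the `Installer\{GUID}\U` and `\L` stores with `@`-suffixed files, `Desktop.ini` in the GAC folders, and driver services with random eight-letter names. As an added example, not part of FRST, ComboFix or this thread, the Python below scans constructed log lines of that shape for those indicators and separates items that were still on disk when the fix ran from ones an earlier tool had already removed; the eight-letter-name check is a heuristic of mine, not an FRST rule.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int    # 1-based line number in the log
    indicator: str  # which pattern matched
    item: str       # path or service name with the FRST verb stripped
    status: str     # "present" (moved/deleted), "absent" (not found) or "listed"


# FRST fixlog lines end with a verb: "moved"/"deleted" means the item was still
# on disk when the fix ran; "not found" means an earlier tool had already removed it.
_FRST_VERB = re.compile(
    r"^(?P<item>.+?) (?P<verb>moved successfully|deleted successfully|not found)\.?$",
    re.IGNORECASE,
)
_PRESENT = {"moved successfully", "deleted successfully"}

_GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Indicator patterns, each taken from a path that appears in this thread's logs.
INDICATORS = [
    # A directory literally named "%APPDATA%" under SysWOW64 (payload store).
    ("syswow64_appdata_dir", re.compile(r"\\SysWOW64\\%APPDATA%$", re.IGNORECASE)),
    # Installer\{GUID}\U or \L stores holding @-suffixed payloads. A bare
    # Installer\{GUID} directory is NOT flagged: legitimate MSI caches use them too.
    ("installer_guid_store", re.compile(
        r"\\Windows\\Installer\\" + _GUID + r"\\(?:@|[UL](?:\\[0-9a-f]{8}(?:\.@)?)?)$",
        re.IGNORECASE)),
    # Desktop.ini dropped into the GAC folders (seen in the ComboFix deletions).
    ("gac_desktop_ini", re.compile(r"\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.IGNORECASE)),
    # Heuristic (mine, not an FRST rule): eight random lowercase letters as a service
    # or driver name, like bsjjbqst / fyazkxup above. Legitimate eight-letter driver
    # names exist (tsusbflt in the same log), so treat these as leads, not verdicts.
    ("random_name_service", re.compile(r"^[a-z]{8} service$")),
    ("random_name_driver", re.compile(r"(?i:\\drivers\\)[a-z]{8}(?i:\.sys)$")),
]


def scan_log(text: str) -> List[Finding]:
    """Return one Finding per log line that matches an indicator."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        verb_match = _FRST_VERB.match(line)
        if verb_match:
            item = verb_match.group("item")
            present = verb_match.group("verb").lower() in _PRESENT
            status = "present" if present else "absent"
        else:
            item, status = line, "listed"  # e.g. a ComboFix "Other Deletions" line
        for name, pattern in INDICATORS:
            if pattern.search(item):
                findings.append(Finding(line_no, name, item, status))
                break
    return findings


def still_present(findings: List[Finding]) -> List[Finding]:
    """Indicators that were still on disk when the fix ran, i.e. the live infection."""
    return [f for f in findings if f.status == "present"]


# Constructed sample in the shape of the FRST fixlog and ComboFix log in this thread.
SAMPLE_LOG = r"""
bsjjbqst service not found.
MSICDSetup service deleted successfully.
C:\Windows\System32\Drivers\fyazkxup.sys not found.
C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e} moved successfully.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\U\80000032.@ not found.
C:\Windows\Installer\{babfcd41-1151-5804-b1fd-f31a4929b80e}\L\1afb2d56 not found.
c:\windows\assembly\GAC_64\Desktop.ini
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no:2d}  {f.status:7s}  {f.indicator:22s}  {f.item}")
```

Only the `%APPDATA%` directory comes back as still present on this sample; everything else had already been taken out, which is what the real fixlog above shows as well.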

#13 SweetTech

Posted 07 June 2012 - 08:51 AM

Great!

I'm so glad to hear that!!

Give this script a whirl for me.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
C:\Users\Joseph *NAME*\AppData\Roaming\QuickScan
FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\Windows\system32\services.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Jemro (Topic Starter)

Posted 07 June 2012 - 09:09 AM

Here is the log. I did not encounter any problems.


ComboFix 12-06-06.02 - Joseph *NAME* 06/07/2012 9:04.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8163.7182 [GMT -5:00]
Running from: d:\desktop\ComboFix.exe
Command switches used :: d:\desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\1338745879.bdinstall.bin
c:\programdata\1338938297.bdinstall.bin
c:\users\Joseph *NAME*\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-07 16:08 . 2012-06-07 16:08 -------- d-----w- C:\FRST
2012-06-07 14:06 . 2012-06-07 14:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-07 14:06 . 2012-06-07 14:06 -------- d-----w- c:\users\Joseph *NAME*\AppData\Local\temp
2012-06-07 14:06 . 2012-06-07 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-07 00:15 . 2012-06-07 00:15 -------- d-----w- c:\users\Joseph *NAME*\.thumbnails
2012-06-06 23:53 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC40E4FD-3520-424A-90CC-368F44287266}\mpengine.dll
2012-06-06 23:52 . 2012-06-07 02:10 -------- d-----w- c:\users\Joseph *NAME*\.gimp-2.8
2012-06-06 23:52 . 2012-06-06 23:52 -------- d-----w- c:\users\Joseph *NAME*\AppData\Local\gegl-0.2
2012-06-06 23:52 . 2012-06-06 23:52 -------- d-----w- c:\users\Joseph *NAME*\AppData\Local\fontconfig
2012-06-06 23:21 . 2012-06-06 23:28 -------- d-----w- c:\users\Joseph *NAME*\AppData\Roaming\TeamViewer
2012-06-06 23:15 . 2012-06-06 23:15 -------- d-----w- c:\program files (x86)\TeamViewer
2012-06-06 22:56 . 2012-06-06 22:56 -------- d-----w- c:\programdata\Tarma Installer
2012-06-06 20:52 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 23:26 . 2012-06-05 23:26 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA83DC8-EFE4-4086-B17D-E2165119C6CC}\gapaengine.dll
2012-06-05 23:25 . 2012-06-05 23:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-05 23:25 . 2012-06-05 23:25 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-03 17:56 . 2012-06-04 21:32 -------- d-----w- c:\programdata\BDLogging
2012-06-03 17:52 . 2012-06-03 17:52 -------- d-----w- c:\users\Joseph *NAME*\AppData\Roaming\QuickScan
2012-06-03 17:22 . 2012-06-03 17:22 -------- d-----w- c:\program files\ESET
2012-06-03 16:58 . 2012-06-03 16:58 -------- d-----w- c:\program files (x86)\Windows Resource Kits
2012-06-03 15:06 . 2012-06-03 15:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-03 15:06 . 2012-06-03 15:06 -------- d-----w- c:\program files (x86)\Oracle
2012-06-03 15:06 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-03 15:06 . 2012-06-03 15:06 -------- d-----w- c:\program files (x86)\Java
2012-06-01 02:08 . 2012-06-03 14:08 -------- d-----w- C:\CCE_Quarantine
2012-05-28 23:07 . 2003-04-18 23:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-05-28 18:52 . 2012-05-28 18:52 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-28 01:28 . 2012-05-28 01:28 -------- d-----w- c:\users\Joseph *NAME*\AppData\Roaming\GameRanger
2012-05-28 00:24 . 2012-05-28 00:24 -------- d-----w- c:\users\Joseph *NAME*\AppData\Roaming\Microsoft Games
2012-05-14 12:35 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 12:35 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-14 12:35 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 12:35 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-14 12:35 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-14 12:35 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-14 12:35 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 12:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-14 12:34 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-14 12:34 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-14 12:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 12:34 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-14 12:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 01:58 . 2012-04-03 14:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 01:58 . 2012-01-25 14:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 01:58 . 2012-04-23 22:58 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 23:47 . 2012-01-15 20:27 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Joseph *NAME*\AppData\Roaming\QuickScan ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-07_13.36.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-07 13:38 38492 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-07 13:38 35528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-10 03:05 . 2012-06-07 13:38 8276 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2984130202-553733383-943653490-1004_UserData.bin
- 2012-01-10 03:05 . 2012-06-07 13:11 8276 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2984130202-553733383-943653490-1004_UserData.bin
+ 2012-06-07 14:06 . 2012-06-07 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-07 13:36 . 2012-06-07 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-10 04:53 . 2012-06-07 14:02 307950 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2012-06-07 13:35 387472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-07 14:06 387472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat\Acrobat\Acrotray.exe" [2012-04-04 815512]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-20 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:58]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004Core.job
- c:\users\Joseph *NAME*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 03:12]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2984130202-553733383-943653490-1004UA.job
- c:\users\Joseph *NAME*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 03:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-07 6612072]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-07 09:07:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-07 14:07
.
Pre-Run: 41,927,413,760 bytes free
Post-Run: 41,882,181,632 bytes free
.
- - End Of File - - 844431E85582FF3F29FEC681F9904AE7

#15 SweetTech

Posted 07 June 2012 - 09:11 AM

Hi!

Great!

That log file looks good!


Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.61.0.4000) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [button image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [icon image] icon on your desktop.
  • Check [option image]
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Check [option image]
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image]


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
