Google Search redirect me to other websites



#1 SilentScope001


Posted 17 June 2012 - 12:29 AM

When clicking on random links in Google search, I get taken to different pages entirely. Going back and clicking on the link again takes me to the correct page, but I suspect that malware is responsible. Scanning using Malwarebytes got me nothing and the problem continues, so I went here. Bleeping Computer has helped solve numerous problems before, and it should help me out here for this problem as well.

A note though: It appears that the default Windows firewall does not function on my computer, so I do not currently have a firewall and thus cannot turn one on. Other than that, I have followed all other preliminary instructions.
===
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Tariq Ali at 23:22:55 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.701 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\Explorer.EXE
C:\Program Files\Soluto\soluto.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Soluto\SolutoService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Salaat Time\SalaatTime.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [SalaatTime] C:\Program Files (x86)\Salaat Time\SalaatTime.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Apple Computer] rundll32.exe "C:\Users\Tariq Ali\AppData\Local\Apps\Apple Computer\rxzrzgfy.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
StartupFolder: C:\Users\TARIQA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Tariq Ali\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
StartupFolder: C:\Users\TARIQA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{35AF1852-069D-44ED-9A4A-F0536F4570E0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5A14AF5-69BB-44E9-A393-8E65E3FF2145} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5A14AF5-69BB-44E9-A393-8E65E3FF2145}\145747F6C4F646765602D4F64756C6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5A14AF5-69BB-44E9-A393-8E65E3FF2145}\46C696E6B6D213 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tariq Ali\AppData\Roaming\Mozilla\Firefox\Profiles\m6twpxns.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61232
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tariq Ali\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Tariq Ali\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;C:\windows\system32\DRIVERS\Soluto.sys --> C:\windows\system32\DRIVERS\Soluto.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 ssmirrdr;ssmirrdr;C:\windows\system32\DRIVERS\ssmirrdr.sys --> C:\windows\system32\DRIVERS\ssmirrdr.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-06-17 03:08:28 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{F63376CE-E7FA-48D5-8AC0-3628F67B206E}
2012-06-16 15:08:04 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{41D1B80F-8697-47E4-A88F-C791ED5CEB59}
2012-06-16 03:07:35 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{49A7BB86-9E7E-4927-B5E0-223B6DF87362}
2012-06-15 23:52:18 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\Unity
2012-06-15 15:07:24 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{2261E20B-0A7E-4296-A2DD-8DDB3CCB54BD}
2012-06-15 02:02:23 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{D7B711B2-A1DE-4BB4-9AB4-81BBF8423823}
2012-06-14 13:58:18 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{F87CEE6B-37B9-45D9-8FF2-3E1490D37603}
2012-06-14 13:58:08 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{A2388118-6E72-4802-BFFC-D71A1DE5F6F5}
2012-06-14 01:57:41 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{04D0C464-B1BF-4640-A080-EA4CA1162221}
2012-06-14 01:57:30 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{19314C55-A189-4116-B44A-CC1FE6AD520D}
2012-06-13 13:56:40 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{A3719D6D-150F-435C-A178-03EA70813943}
2012-06-13 13:56:26 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{23C17207-C060-402C-BBAC-5007A378A6BE}
2012-06-12 22:48:00 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-12 22:48:00 76288 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-12 22:48:00 208896 ----a-w- C:\windows\System32\profsvc.dll
2012-06-12 22:48:00 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-12 22:37:15 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{0AB9BC31-0170-4396-9FCC-054B32152744}
2012-06-12 22:36:57 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{DB38416E-CE5E-4A89-9398-071EDB5D1CE9}
2012-06-12 03:45:39 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{E0880A18-6AF0-4C5E-81E5-545153B97C06}
2012-06-12 03:45:28 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{EF63AF30-AB08-4965-BE3D-3CD7DCF890AF}
2012-06-11 15:45:11 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{031A981D-38D0-4B51-AE19-1B18FFF4C191}
2012-06-11 15:44:59 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{D857ABE4-52BE-43EA-B23A-925411EC481C}
2012-06-11 02:02:13 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{835BCD04-5227-41B5-B6C4-8956E72417E7}
2012-06-11 02:01:49 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{14C521FE-4EBA-46E5-B23F-A9F721B9E965}
2012-06-10 13:45:50 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{1FB0FE36-5BFE-4810-AFE9-AD5E323DABFC}
2012-06-10 13:45:38 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{5225A362-8E0B-46D3-8D07-108424F5A269}
2012-06-10 00:55:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-10 00:55:10 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-10 00:55:10 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-09 17:03:06 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{B16402D0-85D7-46D1-A541-7443EF5213E7}
2012-06-09 17:02:56 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{0C780855-0F2D-4445-B228-51F25C80D975}
2012-06-09 05:02:09 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{F2A7EC86-E862-4309-9587-F185C39AE79C}
2012-06-09 05:01:51 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{B60CC19C-07EC-495C-82EF-DC6A8231720C}
2012-06-08 22:38:30 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-06-08 14:31:37 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{AB9ABA1B-3C34-43CB-AAE3-619C41A597DD}
2012-06-08 14:31:27 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{3E82E743-48C7-4984-B6C8-428BE836EC6F}
2012-06-08 02:13:53 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{601D9FD5-BABA-4BB9-A341-C3A6378E098E}
2012-06-08 02:13:41 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{32DAE68A-4244-420B-BE7B-B69A6E4F7920}
2012-06-07 14:13:21 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{11A73749-61B0-4205-9C9A-A356A1439953}
2012-06-07 14:13:09 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{42EF2618-CC12-4C57-A4FC-E1D4CC2E66D0}
2012-06-06 15:20:14 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{AAD37D38-60B3-465F-9AF7-52D1468CA955}
2012-06-06 15:20:03 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{144227B7-6E3B-49FD-892C-F16615A5491F}
2012-06-06 03:19:36 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{52EB2055-2D19-483C-B797-61DA6167D448}
2012-06-06 03:19:26 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{F8DC3BAA-089F-44CB-8149-640AC71D365F}
2012-06-05 15:18:51 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{4C411C5A-04C7-409F-B32B-B1940D665EA6}
2012-06-05 15:18:40 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{16C5ABAD-1152-4930-899E-DBF52E3BC5EE}
2012-06-05 01:02:14 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{017D6E85-5402-4686-807B-E1DD75428B86}
2012-06-05 01:01:59 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{12419E09-13E0-4B26-83C0-3D465F2FD93A}
2012-06-04 10:23:37 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{519716B5-2E2E-44FA-9A09-07D829B1096D}
2012-06-04 10:23:25 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{A773A102-68A6-4AC6-85F3-EC15A9FB2FEE}
2012-06-03 17:36:08 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{07CE7636-91E6-49BB-B666-AE754B40493B}
2012-06-03 17:35:57 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{B9A7DAA4-466A-44DC-A5D3-DC86505A34FE}
2012-06-03 03:29:59 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{3DC5AC0D-6747-47D6-ABD7-252F7503CB19}
2012-06-03 03:29:48 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{02B2CC88-5DD9-4EF1-8551-1CDC0172105D}
2012-06-02 14:59:23 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{2878AD3F-D41D-4A05-954D-7645954EC335}
2012-06-02 14:59:13 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{28696C7A-C41B-415F-A509-FB1BADAC7BC8}
2012-06-02 02:58:46 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{36EC8000-7AF9-421B-BDB6-D2427D934E40}
2012-06-02 02:58:36 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{F097697F-2F80-47E0-95F3-981410F73BE4}
2012-06-01 14:57:43 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{C2316026-49E0-4445-9AFD-FF2B571AEE2F}
2012-06-01 14:56:55 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{FC1CC93F-88B8-435B-9DAA-60D3D00AA921}
2012-06-01 02:14:52 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{7C8B2363-156D-4C22-A989-3F4BFF67E908}
2012-06-01 02:14:41 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{9FC01A1A-BB6C-42E1-B055-F746D6A35FAD}
2012-05-31 14:10:31 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{78902915-09AD-465C-9CEE-0AD4708097D0}
2012-05-31 14:10:18 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{CE7F9806-35FE-45B9-8AC1-17C376E90AA0}
2012-05-30 20:11:05 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{C3FD8C46-FC94-4D87-82C4-121BBFAA0536}
2012-05-30 20:10:52 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{15F4AE87-39AE-434A-B922-DF3946420CA4}
2012-05-30 03:42:14 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{2B6F0025-C40B-44FE-B01A-869968038C61}
2012-05-30 03:42:03 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{7B64FD38-3802-4498-9127-1AE21AF83AAB}
2012-05-29 15:41:37 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{5D44D72F-7DFB-4DDF-98E1-C4B8254BCC46}
2012-05-29 15:41:26 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{0B25C21D-0EAF-4F54-8194-1268D4A6B2CC}
2012-05-29 03:41:00 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{E59C9514-A620-4D19-ADFA-C3F1F7D3E622}
2012-05-29 03:40:38 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{7F02579C-CD18-48BE-A219-210FDB44911E}
2012-05-28 15:39:59 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{C26B971D-8756-48CC-8F32-8E0249B542E5}
2012-05-28 15:39:46 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{F9BDC1F8-4A00-435D-BA19-BC136EB8B67C}
2012-05-28 01:07:55 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{EB29288E-BF1B-48BE-BB51-CF777BC203DF}
2012-05-28 01:07:42 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{AFE93298-95AF-4F44-BF7B-8D67F6004980}
2012-05-25 15:53:03 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{EEE17220-AC11-4492-AABF-A5B661719363}
2012-05-25 15:52:41 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{69D18CA4-2AAA-4697-8504-831A46A41B51}
2012-05-25 03:51:57 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{0E1A5422-D6FD-4499-B77C-C3C36CE48FDB}
2012-05-25 03:51:46 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{EC6250F2-5726-4842-A472-929AC1C7FC77}
2012-05-24 13:55:36 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{750F7C82-80D0-4DBA-864F-5986ADA2BF04}
2012-05-24 13:55:10 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{BCB54C99-82B1-4726-8CC8-B99A9AEC40C0}
2012-05-23 15:09:17 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{82C804BD-7C7B-4EAD-A532-D80B44F9F67F}
2012-05-23 15:08:54 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{37846AC8-B485-451A-A26D-BEA696BFE40E}
2012-05-23 03:08:18 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{63CF7402-B1B3-45A1-AC3F-614A0A03B5A5}
2012-05-23 03:08:08 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{9CD27BE2-8933-43DA-8F0D-63FE1B6C97EA}
2012-05-22 19:12:25 -------- d--h--w- C:\windows\msdownld.tmp
2012-05-22 19:12:13 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2012-05-22 19:12:13 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2012-05-22 19:12:13 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2012-05-22 19:12:13 1863680 ----a-w- C:\windows\System32\ExplorerFrame.dll
2012-05-22 19:12:13 1495040 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll
2012-05-22 19:12:13 144384 ----a-w- C:\windows\System32\cdd.dll
2012-05-22 19:12:13 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2012-05-22 19:12:13 1133568 ----a-w- C:\windows\System32\FntCache.dll
2012-05-22 18:05:25 -------- d-----w- C:\Users\Tariq Ali\Quran
2012-05-22 15:07:24 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{2F482C55-C5C5-4989-A462-85064E6410F4}
2012-05-22 15:06:57 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{B0171C46-EE54-4120-99F4-D6ABF8ACF968}
2012-05-22 05:08:54 0 ----a-w- C:\windows\SysWow64\shoD15B.tmp
2012-05-22 02:09:20 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{85118A19-F21B-45BC-8C1D-0D828E58CFD0}
2012-05-22 02:08:58 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{206C1D27-D395-41FD-9315-CC9D0348DF77}
2012-05-21 14:08:18 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{00BF890A-44E1-45A0-B7DD-AEB0AE8D3107}
2012-05-21 14:07:55 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{C21D6FD9-288F-47B0-B488-3B6341B3FF3E}
2012-05-21 02:07:23 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{07153F3C-F4DE-4544-BB5B-21ACD1E45953}
2012-05-21 02:07:01 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{C9950E1C-FD9C-43E1-BCCB-B4BA088A263C}
2012-05-20 14:06:03 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{27D852F4-FF19-46A5-B0EB-B227B4440950}
2012-05-20 14:05:54 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{A9950BBC-800B-4966-AFFA-EEC6122A6D41}
2012-05-20 01:18:21 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{06E44522-6D08-4C88-9C64-4044C691C42E}
2012-05-20 01:17:59 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{1FBE75B9-7C05-40AA-86B7-76EFEAE371FF}
2012-05-19 20:22:40 73728 ------w- C:\windows\SysWow64\BRCrypt.dll
2012-05-19 20:22:17 118784 ------w- C:\windows\SysWow64\BrMfNt.dll
2012-05-19 20:22:17 106496 ------w- C:\windows\SysWow64\BrMuSNMP.dll
2012-05-19 20:22:16 179712 ------w- C:\windows\System32\BrfxDA5b.dll
2012-05-19 20:22:05 167936 ------w- C:\windows\SysWow64\NSSearch.dll
2012-05-19 20:22:05 -------- d-----w- C:\Program Files (x86)\Brother
2012-05-19 20:20:58 -------- d-----w- C:\ProgramData\Brother
2012-05-19 18:32:14 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-05-19 18:31:10 227840 ----a-w- C:\windows\SysWow64\bzFlRdr.dll
2012-05-19 18:31:10 135168 ----a-w- C:\windows\SysWow64\bzpdfc.dll
2012-05-19 18:31:10 103424 ----a-w- C:\windows\SysWow64\bzDCT.dll
2012-05-19 18:31:10 -------- d-----w- C:\Program Files\Common Files\Bullzip
2012-05-19 18:31:07 216064 ----a-w- C:\windows\System32\bzpdf.dll
2012-05-19 18:31:03 -------- d-----w- C:\Program Files\Bullzip
2012-05-19 13:17:00 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{BDF6EF87-7F68-4B6E-BE7A-C19EEA2AA3CD}
2012-05-19 13:16:53 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{0A10D8F4-A5D3-4D44-8969-B380031F4541}
2012-05-19 00:39:04 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{040BEAFE-7EE7-4AD6-B623-ABA8FAC903C6}
2012-05-19 00:38:41 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{E7DE0A85-B680-4C0D-A6EA-CF15E6B94632}
2012-05-18 12:37:40 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{82998744-AE17-4673-8F59-C43AE2661641}
2012-05-18 12:37:11 -------- d-----w- C:\Users\Tariq Ali\AppData\Local\{9939575E-54BF-4A45-B527-193F61467204}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:50:40 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-25 00:13:24 54728 ----a-w- C:\windows\System32\drivers\Soluto.sys
2012-04-24 05:59:45 182272 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-07 12:18:36 3213824 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-04-06 19:39:25 466456 ----a-w- C:\windows\System32\wrap_oal.dll
2012-04-06 19:39:25 444952 ----a-w- C:\windows\SysWow64\wrap_oal.dll
2012-04-06 19:39:25 122904 ----a-w- C:\windows\System32\OpenAL32.dll
2012-04-06 19:39:25 109080 ----a-w- C:\windows\SysWow64\OpenAL32.dll
2012-04-04 20:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
2006-10-12 03:09:40 94208 --sh--w- C:\windows\SysWOW64\SalaatTime.dll
.
============= FINISH: 23:25:37.50 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 17 June 2012 - 01:06 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 SilentScope001

SilentScope001
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 17 June 2012 - 11:13 AM

Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.1.102.63 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

ComboFix 12-06-16.02 - Tariq Ali 06/17/2012 10:45:36.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1689 [GMT -5:00]
Running from: c:\users\Tariq Ali\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\users\Tariq Ali\AppData\Local\Apps\Apple Computer\rxzrzgfy.dll
c:\users\Tariq Ali\AppData\Roaming\3462.B51
c:\users\Tariq Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Tariq Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Tariq Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Tariq Ali\Documents\~WRL0003.tmp
c:\users\Tariq Ali\Documents\~WRL0004.tmp
c:\users\Tariq Ali\Documents\~WRL0005.tmp
c:\users\Tariq Ali\Documents\~WRL0006.tmp
c:\users\Tariq Ali\Documents\~WRL0007.tmp
c:\users\Tariq Ali\Documents\~WRL0008.tmp
c:\users\Tariq Ali\Documents\~WRL0956.tmp
c:\users\Tariq Ali\Documents\~WRL1412.tmp
c:\users\Tariq Ali\Documents\~WRL1529.tmp
c:\users\Tariq Ali\Documents\~WRL1784.tmp
c:\users\Tariq Ali\Documents\~WRL2752.tmp
c:\users\Tariq Ali\Documents\~WRL3383.tmp
c:\users\Tariq Ali\Documents\~WRL3794.tmp
c:\windows\s.bat
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\SET365F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 15:56 . 2012-06-17 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 23:52 . 2012-06-15 23:52 -------- d-----w- c:\users\Tariq Ali\AppData\Local\Unity
2012-06-12 22:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-10 00:55 . 2012-06-10 00:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-10 00:55 . 2012-06-10 00:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-10 00:55 . 2012-06-10 00:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-08 22:38 . 2012-06-08 22:38 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-06-08 22:38 . 2012-06-08 22:38 -------- d-----w- c:\users\Tariq Ali\AppData\Roaming\SystemRequirementsLab
2012-05-22 19:12 . 2012-05-22 19:15 -------- d--h--w- c:\windows\msdownld.tmp
2012-05-22 19:12 . 2012-05-22 19:12 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-05-22 19:12 . 2012-05-22 19:12 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-22 19:12 . 2012-05-22 19:12 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-22 19:12 . 2012-05-22 19:12 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-22 19:12 . 2012-05-22 19:12 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-05-22 19:12 . 2012-05-22 19:12 144384 ----a-w- c:\windows\system32\cdd.dll
2012-05-22 19:12 . 2012-05-22 19:12 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-05-22 19:12 . 2012-05-22 19:12 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-05-22 18:05 . 2012-06-12 15:11 -------- d-----w- c:\users\Tariq Ali\Quran
2012-05-22 05:08 . 2012-05-22 05:08 0 ----a-w- c:\windows\SysWow64\shoD15B.tmp
2012-05-19 20:22 . 2006-07-07 17:40 73728 ------w- c:\windows\SysWow64\BRCrypt.dll
2012-05-19 20:22 . 2008-08-24 00:17 118784 ------w- c:\windows\SysWow64\BrMfNt.dll
2012-05-19 20:22 . 2002-11-26 18:43 106496 ------w- c:\windows\SysWow64\BrMuSNMP.dll
2012-05-19 20:22 . 2008-10-18 01:04 179712 ------w- c:\windows\system32\BrfxDA5b.dll
2012-05-19 20:22 . 2012-05-19 20:37 -------- d-----w- c:\program files (x86)\Brother
2012-05-19 20:22 . 2008-06-17 20:33 167936 ------w- c:\windows\SysWow64\NSSearch.dll
2012-05-19 20:20 . 2012-05-19 20:20 -------- d-----w- c:\programdata\Brother
2012-05-19 18:32 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-05-19 18:31 . 2012-05-19 18:31 -------- d-----w- c:\program files\Common Files\Bullzip
2012-05-19 18:31 . 2010-09-27 13:29 135168 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-05-19 18:31 . 2008-10-30 13:29 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-05-19 18:31 . 2008-07-09 13:29 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-05-19 18:31 . 2012-03-27 13:29 216064 ----a-w- c:\windows\system32\bzpdf.dll
2012-05-19 18:31 . 2012-05-19 18:31 -------- d-----w- c:\program files\Bullzip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 00:13 . 2012-03-07 23:28 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-06 19:39 . 2012-04-06 19:39 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-06 19:39 . 2012-04-06 19:39 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-06 19:39 . 2012-04-06 19:39 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-06 19:39 . 2012-04-06 19:39 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-04 20:56 . 2011-05-23 01:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:09 . 2012-05-11 15:52 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2006-10-12 03:09 94208 --sh--w- c:\windows\SysWOW64\SalaatTime.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 18:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 23:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SalaatTime"="c:\program files (x86)\Salaat Time\SalaatTime.exe" [2010-09-14 15376384]
"Facebook Update"="c:\users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-24 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
.
c:\users\Tariq Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Tariq Ali\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe [2012-4-30 7968008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-10 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-25 584224]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-657421210-406520831-2180993659-1000Core.job
- c:\users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-24 07:15]
.
2012-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-657421210-406520831-2180993659-1000UA.job
- c:\users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-24 07:15]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 16:59]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 16:59]
.
2012-06-03 c:\windows\Tasks\Norton Security Scan for Tariq Ali.job
- c:\progra~2\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-17 07:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-04-04 09:05 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"combofix"="c:\combofix\CF30531.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetUrl.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tariq Ali\AppData\Roaming\Mozilla\Firefox\Profiles\m6twpxns.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61232
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Tariq Ali\AppData\Local\Apps\Apple Computer\rxzrzgfy.dll
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-06-17 11:08:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 16:08
.
Pre-Run: 167,717,109,760 bytes free
Post-Run: 180,615,233,536 bytes free
.
- - End Of File - - 109E8BE2334A808F118B7A4E196E9BA1


1) I have received an error message about an illegal operation being attempted on a registry key that has been marked for deletion, but ComboFix later restarted the computer, so should I do a separate restart of the computer? Rerun ComboFix? What?

2) No other problems detected on my computer.

#4 gringo_pr

Posted 17 June 2012 - 11:50 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 SilentScope001

Posted 17 June 2012 - 01:35 PM

After running TDSS, I ran aswMBR, but the entire computer froze after I started running a scan. I ran aswMBR again, and the computer again froze during the scan, and I am afraid that if I run it a third time, the computer might freeze again during the scan. TDSS did not have any rootkits though, so maybe the computer is clean?

12:50:31.0846 4220 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:50:32.0195 4220 ============================================================
12:50:32.0195 4220 Current date / time: 2012/06/17 12:50:32.0195
12:50:32.0195 4220 SystemInfo:
12:50:32.0195 4220
12:50:32.0195 4220 OS Version: 6.1.7600 ServicePack: 0.0
12:50:32.0195 4220 Product type: Workstation
12:50:32.0195 4220 ComputerName: TARIQALI-PC
12:50:32.0195 4220 UserName: Tariq Ali
12:50:32.0195 4220 Windows directory: C:\windows
12:50:32.0195 4220 System windows directory: C:\windows
12:50:32.0195 4220 Running under WOW64
12:50:32.0195 4220 Processor architecture: Intel x64
12:50:32.0195 4220 Number of processors: 2
12:50:32.0195 4220 Page size: 0x1000
12:50:32.0195 4220 Boot type: Normal boot
12:50:32.0195 4220 ============================================================
12:50:32.0847 4220 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:50:32.0857 4220 ============================================================
12:50:32.0857 4220 \Device\Harddisk0\DR0:
12:50:32.0857 4220 MBR partitions:
12:50:32.0857 4220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
12:50:32.0857 4220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
12:50:32.0887 4220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
12:50:32.0887 4220 ============================================================
12:50:32.0927 4220 C: <-> \Device\Harddisk0\DR0\Partition1
12:50:32.0957 4220 D: <-> \Device\Harddisk0\DR0\Partition2
12:50:32.0957 4220 ============================================================
12:50:32.0957 4220 Initialize success
12:50:32.0957 4220 ============================================================
12:50:42.0225 4276 ============================================================
12:50:42.0225 4276 Scan started
12:50:42.0225 4276 Mode: Manual;
12:50:42.0225 4276 ============================================================
12:51:00.0425 4276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
12:51:00.0435 4276 NetBIOS - ok
12:51:00.0465 4276 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
12:51:00.0505 4276 NetBT - ok
12:51:00.0575 4276 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:51:00.0575 4276 Netlogon - ok
12:51:00.0665 4276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
12:51:00.0735 4276 Netman - ok
12:51:00.0865 4276 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:00.0865 4276 NetMsmqActivator - ok
12:51:00.0885 4276 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:00.0895 4276 NetPipeActivator - ok
12:51:00.0925 4276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
12:51:00.0935 4276 netprofm - ok
12:51:00.0955 4276 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:00.0955 4276 NetTcpActivator - ok
12:51:00.0965 4276 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:00.0965 4276 NetTcpPortSharing - ok
12:51:01.0363 4276 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
12:51:01.0505 4276 netw5v64 - ok
12:51:01.0644 4276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
12:51:01.0646 4276 nfrd960 - ok
12:51:01.0709 4276 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
12:51:01.0757 4276 NlaSvc - ok
12:51:01.0797 4276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
12:51:01.0799 4276 Npfs - ok
12:51:01.0830 4276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
12:51:01.0833 4276 nsi - ok
12:51:01.0841 4276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
12:51:01.0843 4276 nsiproxy - ok
12:51:02.0042 4276 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
12:51:02.0087 4276 Ntfs - ok
12:51:02.0248 4276 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
12:51:02.0251 4276 Null - ok
12:51:02.0306 4276 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
12:51:02.0310 4276 nvraid - ok
12:51:02.0355 4276 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
12:51:02.0369 4276 nvstor - ok
12:51:02.0406 4276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
12:51:02.0409 4276 nv_agp - ok
12:51:02.0541 4276 Oasis2Service (f5a3015dafc7ae80fc43f36558a19ba5) C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
12:51:02.0551 4276 Oasis2Service - ok
12:51:02.0561 4276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
12:51:02.0561 4276 ohci1394 - ok
12:51:02.0601 4276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:51:02.0601 4276 ose - ok
12:51:03.0001 4276 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:51:03.0131 4276 osppsvc - ok
12:51:03.0261 4276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
12:51:03.0271 4276 p2pimsvc - ok
12:51:03.0331 4276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
12:51:03.0351 4276 p2psvc - ok
12:51:03.0391 4276 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
12:51:03.0401 4276 Parport - ok
12:51:03.0431 4276 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
12:51:03.0431 4276 partmgr - ok
12:51:03.0451 4276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
12:51:03.0461 4276 PcaSvc - ok
12:51:03.0491 4276 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
12:51:03.0501 4276 pci - ok
12:51:03.0521 4276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
12:51:03.0521 4276 pciide - ok
12:51:03.0551 4276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
12:51:03.0561 4276 pcmcia - ok
12:51:03.0581 4276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
12:51:03.0581 4276 pcw - ok
12:51:03.0705 4276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
12:51:03.0733 4276 PEAUTH - ok
12:51:03.0880 4276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
12:51:03.0883 4276 PerfHost - ok
12:51:04.0087 4276 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
12:51:04.0132 4276 pla - ok
12:51:04.0224 4276 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
12:51:04.0235 4276 PlugPlay - ok
12:51:04.0257 4276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
12:51:04.0261 4276 PNRPAutoReg - ok
12:51:04.0296 4276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
12:51:04.0302 4276 PNRPsvc - ok
12:51:04.0359 4276 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
12:51:04.0377 4276 PolicyAgent - ok
12:51:04.0419 4276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
12:51:04.0432 4276 Power - ok
12:51:04.0498 4276 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
12:51:04.0501 4276 PptpMiniport - ok
12:51:04.0519 4276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
12:51:04.0521 4276 Processor - ok
12:51:04.0578 4276 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll
12:51:04.0632 4276 ProfSvc - ok
12:51:04.0689 4276 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:51:04.0692 4276 ProtectedStorage - ok
12:51:04.0743 4276 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
12:51:04.0747 4276 Psched - ok
12:51:04.0900 4276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
12:51:04.0941 4276 ql2300 - ok
12:51:05.0038 4276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
12:51:05.0049 4276 ql40xx - ok
12:51:05.0087 4276 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
12:51:05.0106 4276 QWAVE - ok
12:51:05.0120 4276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
12:51:05.0122 4276 QWAVEdrv - ok
12:51:05.0129 4276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
12:51:05.0137 4276 RasAcd - ok
12:51:05.0188 4276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
12:51:05.0190 4276 RasAgileVpn - ok
12:51:05.0211 4276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
12:51:05.0215 4276 RasAuto - ok
12:51:05.0239 4276 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
12:51:05.0242 4276 Rasl2tp - ok
12:51:05.0293 4276 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
12:51:05.0328 4276 RasMan - ok
12:51:05.0362 4276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
12:51:05.0365 4276 RasPppoe - ok
12:51:05.0402 4276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
12:51:05.0405 4276 RasSstp - ok
12:51:05.0440 4276 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
12:51:05.0456 4276 rdbss - ok
12:51:05.0477 4276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
12:51:05.0479 4276 rdpbus - ok
12:51:05.0500 4276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
12:51:05.0502 4276 RDPCDD - ok
12:51:05.0544 4276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
12:51:05.0545 4276 RDPENCDD - ok
12:51:05.0555 4276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
12:51:05.0557 4276 RDPREFMP - ok
12:51:05.0624 4276 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys
12:51:05.0641 4276 RDPWD - ok
12:51:05.0689 4276 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
12:51:05.0698 4276 rdyboost - ok
12:51:05.0789 4276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
12:51:05.0793 4276 RemoteAccess - ok
12:51:05.0836 4276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
12:51:05.0847 4276 RemoteRegistry - ok
12:51:05.0894 4276 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
12:51:05.0909 4276 RFCOMM - ok
12:51:05.0948 4276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
12:51:05.0952 4276 RpcEptMapper - ok
12:51:05.0971 4276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
12:51:05.0973 4276 RpcLocator - ok
12:51:06.0032 4276 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
12:51:06.0040 4276 RpcSs - ok
12:51:06.0120 4276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
12:51:06.0149 4276 rspndr - ok
12:51:06.0232 4276 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
12:51:06.0250 4276 RSUSBSTOR - ok
12:51:06.0307 4276 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys
12:51:06.0314 4276 RTL8167 - ok
12:51:06.0334 4276 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:51:06.0336 4276 SamSs - ok
12:51:06.0403 4276 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
12:51:06.0411 4276 Samsung UPD Service - ok
12:51:06.0436 4276 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
12:51:06.0438 4276 sbp2port - ok
12:51:06.0477 4276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
12:51:06.0486 4276 SCardSvr - ok
12:51:06.0521 4276 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
12:51:06.0523 4276 scfilter - ok
12:51:06.0621 4276 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
12:51:06.0641 4276 Schedule - ok
12:51:06.0670 4276 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
12:51:06.0680 4276 SCPolicySvc - ok
12:51:06.0708 4276 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
12:51:06.0713 4276 SDRSVC - ok
12:51:06.0770 4276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
12:51:06.0772 4276 secdrv - ok
12:51:06.0791 4276 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
12:51:06.0793 4276 seclogon - ok
12:51:06.0816 4276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
12:51:06.0819 4276 SENS - ok
12:51:06.0827 4276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
12:51:06.0831 4276 SensrSvc - ok
12:51:06.0852 4276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
12:51:06.0854 4276 Serenum - ok
12:51:06.0884 4276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
12:51:06.0886 4276 Serial - ok
12:51:06.0893 4276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
12:51:06.0896 4276 sermouse - ok
12:51:06.0934 4276 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
12:51:06.0938 4276 SessionEnv - ok
12:51:06.0966 4276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
12:51:06.0968 4276 sffdisk - ok
12:51:06.0981 4276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
12:51:06.0983 4276 sffp_mmc - ok
12:51:06.0998 4276 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
12:51:06.0999 4276 sffp_sd - ok
12:51:07.0006 4276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
12:51:07.0008 4276 sfloppy - ok
12:51:07.0123 4276 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
12:51:07.0148 4276 Sftfs - ok
12:51:07.0284 4276 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:51:07.0301 4276 sftlist - ok
12:51:07.0348 4276 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
12:51:07.0365 4276 Sftplay - ok
12:51:07.0381 4276 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
12:51:07.0383 4276 Sftredir - ok
12:51:07.0402 4276 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
12:51:07.0405 4276 Sftvol - ok
12:51:07.0436 4276 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:51:07.0445 4276 sftvsa - ok
12:51:07.0542 4276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
12:51:07.0555 4276 SharedAccess - ok
12:51:07.0623 4276 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
12:51:07.0635 4276 ShellHWDetection - ok
12:51:07.0715 4276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:51:07.0717 4276 SiSRaid2 - ok
12:51:07.0729 4276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
12:51:07.0732 4276 SiSRaid4 - ok
12:51:07.0859 4276 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:51:07.0870 4276 SkypeUpdate - ok
12:51:07.0898 4276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
12:51:07.0901 4276 Smb - ok
12:51:07.0944 4276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
12:51:07.0947 4276 SNMPTRAP - ok
12:51:08.0017 4276 Soluto (f9369327409492097b0bb7ce86bd29de) C:\windows\system32\DRIVERS\Soluto.sys
12:51:08.0019 4276 Soluto - ok
12:51:08.0216 4276 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe
12:51:08.0236 4276 SolutoService - ok
12:51:08.0266 4276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
12:51:08.0266 4276 spldr - ok
12:51:08.0336 4276 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
12:51:08.0356 4276 Spooler - ok
12:51:08.0586 4276 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
12:51:08.0676 4276 sppsvc - ok
12:51:08.0783 4276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
12:51:08.0787 4276 sppuinotify - ok
12:51:08.0867 4276 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
12:51:08.0888 4276 srv - ok
12:51:08.0931 4276 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
12:51:08.0940 4276 srv2 - ok
12:51:08.0986 4276 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
12:51:08.0996 4276 srvnet - ok
12:51:09.0044 4276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
12:51:09.0054 4276 SSDPSRV - ok
12:51:09.0111 4276 ssmirrdr (1100066057fbf612b573efd3b21383f1) C:\windows\system32\DRIVERS\ssmirrdr.sys
12:51:09.0113 4276 ssmirrdr - ok
12:51:09.0137 4276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
12:51:09.0143 4276 SstpSvc - ok
12:51:09.0173 4276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
12:51:09.0174 4276 stexstor - ok
12:51:09.0250 4276 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
12:51:09.0275 4276 stisvc - ok
12:51:09.0290 4276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
12:51:09.0291 4276 swenum - ok
12:51:09.0344 4276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
12:51:09.0362 4276 swprv - ok
12:51:09.0497 4276 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
12:51:09.0553 4276 SysMain - ok
12:51:09.0698 4276 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
12:51:09.0705 4276 TabletInputService - ok
12:51:09.0772 4276 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
12:51:09.0827 4276 TapiSrv - ok
12:51:09.0859 4276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
12:51:09.0863 4276 TBS - ok
12:51:10.0062 4276 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
12:51:10.0115 4276 Tcpip - ok
12:51:10.0368 4276 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
12:51:10.0392 4276 TCPIP6 - ok
12:51:10.0473 4276 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
12:51:10.0475 4276 tcpipreg - ok
12:51:10.0496 4276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:51:10.0498 4276 TDPIPE - ok
12:51:10.0538 4276 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
12:51:10.0540 4276 TDTCP - ok
12:51:10.0590 4276 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
12:51:10.0596 4276 tdx - ok
12:51:10.0903 4276 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:51:10.0981 4276 TeamViewer7 - ok
12:51:11.0141 4276 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
12:51:11.0144 4276 TermDD - ok
12:51:11.0219 4276 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
12:51:11.0241 4276 TermService - ok
12:51:11.0265 4276 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
12:51:11.0269 4276 Themes - ok
12:51:11.0313 4276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
12:51:11.0317 4276 THREADORDER - ok
12:51:11.0344 4276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
12:51:11.0349 4276 TrkWks - ok
12:51:11.0387 4276 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
12:51:11.0391 4276 TrustedInstaller - ok
12:51:11.0426 4276 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
12:51:11.0428 4276 tssecsrv - ok
12:51:11.0498 4276 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
12:51:11.0523 4276 tunnel - ok
12:51:11.0556 4276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
12:51:11.0559 4276 uagp35 - ok
12:51:11.0606 4276 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
12:51:11.0619 4276 udfs - ok
12:51:11.0691 4276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
12:51:11.0695 4276 UI0Detect - ok
12:51:11.0716 4276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
12:51:11.0718 4276 uliagpkx - ok
12:51:11.0757 4276 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
12:51:11.0759 4276 umbus - ok
12:51:11.0778 4276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
12:51:11.0781 4276 UmPass - ok
12:51:12.0105 4276 UNS (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:51:12.0171 4276 UNS - ok
12:51:12.0303 4276 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
12:51:12.0315 4276 upnphost - ok
12:51:12.0363 4276 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
12:51:12.0365 4276 USBAAPL64 - ok
12:51:12.0428 4276 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
12:51:12.0431 4276 usbaudio - ok
12:51:12.0478 4276 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
12:51:12.0481 4276 usbccgp - ok
12:51:12.0516 4276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
12:51:12.0519 4276 usbcir - ok
12:51:12.0539 4276 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
12:51:12.0541 4276 usbehci - ok
12:51:12.0586 4276 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
12:51:12.0599 4276 usbhub - ok
12:51:12.0639 4276 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
12:51:12.0641 4276 usbohci - ok
12:51:12.0683 4276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
12:51:12.0685 4276 usbprint - ok
12:51:12.0743 4276 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:51:12.0745 4276 usbscan - ok
12:51:12.0789 4276 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:51:12.0792 4276 USBSTOR - ok
12:51:12.0815 4276 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
12:51:12.0817 4276 usbuhci - ok
12:51:12.0870 4276 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
12:51:12.0880 4276 usbvideo - ok
12:51:12.0932 4276 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
12:51:12.0936 4276 UxSms - ok
12:51:12.0979 4276 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:51:12.0981 4276 VaultSvc - ok
12:51:13.0050 4276 VBoxDrv (0480981ebec902c763f83007274496ca) C:\windows\system32\DRIVERS\VBoxDrv.sys
12:51:13.0058 4276 VBoxDrv - ok
12:51:13.0130 4276 VBoxUSBMon (8908bb024508e71413b807ab3715ad97) C:\windows\system32\DRIVERS\VBoxUSBMon.sys
12:51:13.0133 4276 VBoxUSBMon - ok
12:51:13.0168 4276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
12:51:13.0171 4276 vdrvroot - ok
12:51:13.0229 4276 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
12:51:13.0250 4276 vds - ok
12:51:13.0269 4276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:51:13.0271 4276 vga - ok
12:51:13.0290 4276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:51:13.0292 4276 VgaSave - ok
12:51:13.0315 4276 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
12:51:13.0319 4276 vhdmp - ok
12:51:13.0337 4276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
12:51:13.0339 4276 viaide - ok
12:51:13.0367 4276 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
12:51:13.0370 4276 volmgr - ok
12:51:13.0410 4276 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
12:51:13.0424 4276 volmgrx - ok
12:51:13.0452 4276 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
12:51:13.0458 4276 volsnap - ok
12:51:13.0494 4276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
12:51:13.0506 4276 vsmraid - ok
12:51:13.0658 4276 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
12:51:13.0733 4276 VSS - ok
12:51:13.0851 4276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:51:13.0853 4276 vwifibus - ok
12:51:13.0872 4276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:51:13.0875 4276 vwififlt - ok
12:51:13.0917 4276 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
12:51:13.0919 4276 vwifimp - ok
12:51:13.0950 4276 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
12:51:13.0969 4276 W32Time - ok
12:51:13.0999 4276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
12:51:14.0001 4276 WacomPen - ok
12:51:14.0049 4276 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:51:14.0052 4276 WANARP - ok
12:51:14.0071 4276 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:51:14.0073 4276 Wanarpv6 - ok
12:51:14.0309 4276 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
12:51:14.0363 4276 WatAdminSvc - ok
12:51:14.0531 4276 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
12:51:14.0583 4276 wbengine - ok
12:51:14.0703 4276 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
12:51:14.0712 4276 WbioSrvc - ok
12:51:14.0779 4276 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
12:51:14.0792 4276 wcncsvc - ok
12:51:14.0815 4276 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
12:51:14.0819 4276 WcsPlugInService - ok
12:51:14.0864 4276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
12:51:14.0866 4276 Wd - ok
12:51:14.0932 4276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:51:14.0953 4276 Wdf01000 - ok
12:51:14.0964 4276 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
12:51:14.0974 4276 WdiServiceHost - ok
12:51:14.0974 4276 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
12:51:14.0984 4276 WdiSystemHost - ok
12:51:15.0047 4276 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
12:51:15.0066 4276 WebClient - ok
12:51:15.0098 4276 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
12:51:15.0117 4276 Wecsvc - ok
12:51:15.0139 4276 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
12:51:15.0143 4276 wercplsupport - ok
12:51:15.0181 4276 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
12:51:15.0186 4276 WerSvc - ok
12:51:15.0264 4276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:51:15.0266 4276 WfpLwf - ok
12:51:15.0324 4276 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
12:51:15.0328 4276 WimFltr - ok
12:51:15.0353 4276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:51:15.0355 4276 WIMMount - ok
12:51:15.0411 4276 WinDefend - ok
12:51:15.0441 4276 WinHttpAutoProxySvc - ok
12:51:15.0527 4276 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
12:51:15.0546 4276 Winmgmt - ok
12:51:15.0773 4276 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
12:51:15.0832 4276 WinRM - ok
12:51:16.0025 4276 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
12:51:16.0027 4276 WinUsb - ok
12:51:16.0140 4276 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
12:51:16.0161 4276 Wlansvc - ok
12:51:16.0253 4276 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:51:16.0255 4276 wlcrasvc - ok
12:51:16.0468 4276 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:51:16.0533 4276 wlidsvc - ok
12:51:16.0661 4276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
12:51:16.0663 4276 WmiAcpi - ok
12:51:16.0741 4276 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
12:51:16.0751 4276 wmiApSrv - ok
12:51:16.0781 4276 WMPNetworkSvc - ok
12:51:16.0836 4276 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
12:51:16.0840 4276 WPCSvc - ok
12:51:16.0861 4276 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
12:51:16.0866 4276 WPDBusEnum - ok
12:51:16.0885 4276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:51:16.0887 4276 ws2ifsl - ok
12:51:16.0942 4276 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
12:51:16.0947 4276 wscsvc - ok
12:51:16.0953 4276 WSearch - ok
12:51:17.0016 4276 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
12:51:17.0019 4276 wsvd - ok
12:51:17.0189 4276 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
12:51:17.0259 4276 wuauserv - ok
12:51:17.0397 4276 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
12:51:17.0400 4276 WudfPf - ok
12:51:17.0447 4276 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
12:51:17.0460 4276 WUDFRd - ok
12:51:17.0501 4276 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
12:51:17.0506 4276 wudfsvc - ok
12:51:17.0539 4276 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
12:51:17.0558 4276 WwanSvc - ok
12:51:17.0621 4276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:51:17.0848 4276 \Device\Harddisk0\DR0 - ok
12:51:17.0854 4276 Boot (0x1200) (734ab96d77d4cf2a1869cbf7f43d5f21) \Device\Harddisk0\DR0\Partition0
12:51:17.0856 4276 \Device\Harddisk0\DR0\Partition0 - ok
12:51:17.0880 4276 Boot (0x1200) (705fd9f7b8e2e444a4e439351504e547) \Device\Harddisk0\DR0\Partition1
12:51:17.0884 4276 \Device\Harddisk0\DR0\Partition1 - ok
12:51:17.0962 4276 Boot (0x1200) (58cbdffbc326f0b1effcf175b1e784a1) \Device\Harddisk0\DR0\Partition2
12:51:18.0006 4276 \Device\Harddisk0\DR0\Partition2 - ok
12:51:18.0020 4276 ============================================================
12:51:18.0020 4276 Scan finished
12:51:18.0020 4276 ============================================================
12:51:18.0065 4544 Detected object count: 0
12:51:18.0065 4544 Actual detected object count: 0
12:52:01.0087 5308 ============================================================
12:52:01.0088 5308 Scan started
12:52:01.0088 5308 Mode: Manual;
12:52:01.0088 5308 ============================================================
12:52:16.0794 5308 PerfHost - ok
12:52:16.0998 5308 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
12:52:17.0043 5308 pla - ok
12:52:17.0113 5308 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
12:52:17.0134 5308 PlugPlay - ok
12:52:17.0156 5308 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
12:52:17.0160 5308 PNRPAutoReg - ok
12:52:17.0197 5308 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
12:52:17.0203 5308 PNRPsvc - ok
12:52:17.0259 5308 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
12:52:17.0277 5308 PolicyAgent - ok
12:52:17.0320 5308 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
12:52:17.0332 5308 Power - ok
12:52:17.0386 5308 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
12:52:17.0389 5308 PptpMiniport - ok
12:52:17.0436 5308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
12:52:17.0438 5308 Processor - ok
12:52:17.0488 5308 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll
12:52:17.0498 5308 ProfSvc - ok
12:52:17.0544 5308 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:52:17.0547 5308 ProtectedStorage - ok
12:52:17.0576 5308 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
12:52:17.0580 5308 Psched - ok
12:52:17.0710 5308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
12:52:17.0751 5308 ql2300 - ok
12:52:17.0849 5308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
12:52:17.0859 5308 ql40xx - ok
12:52:17.0899 5308 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
12:52:17.0917 5308 QWAVE - ok
12:52:17.0938 5308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
12:52:17.0941 5308 QWAVEdrv - ok
12:52:17.0958 5308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
12:52:17.0981 5308 RasAcd - ok
12:52:18.0010 5308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
12:52:18.0012 5308 RasAgileVpn - ok
12:52:18.0033 5308 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
12:52:18.0037 5308 RasAuto - ok
12:52:18.0062 5308 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
12:52:18.0065 5308 Rasl2tp - ok
12:52:18.0103 5308 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
12:52:18.0117 5308 RasMan - ok
12:52:18.0142 5308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
12:52:18.0145 5308 RasPppoe - ok
12:52:18.0180 5308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
12:52:18.0183 5308 RasSstp - ok
12:52:18.0218 5308 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
12:52:18.0233 5308 rdbss - ok
12:52:18.0255 5308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
12:52:18.0256 5308 rdpbus - ok
12:52:18.0277 5308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
12:52:18.0279 5308 RDPCDD - ok
12:52:18.0300 5308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
12:52:18.0302 5308 RDPENCDD - ok
12:52:18.0314 5308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
12:52:18.0316 5308 RDPREFMP - ok
12:52:18.0375 5308 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys
12:52:18.0385 5308 RDPWD - ok
12:52:18.0433 5308 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
12:52:18.0443 5308 rdyboost - ok
12:52:18.0489 5308 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
12:52:18.0493 5308 RemoteAccess - ok
12:52:18.0534 5308 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
12:52:18.0546 5308 RemoteRegistry - ok
12:52:18.0574 5308 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
12:52:18.0587 5308 RFCOMM - ok
12:52:18.0611 5308 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
12:52:18.0615 5308 RpcEptMapper - ok
12:52:18.0637 5308 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
12:52:18.0640 5308 RpcLocator - ok
12:52:18.0692 5308 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
12:52:18.0702 5308 RpcSs - ok
12:52:18.0742 5308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
12:52:18.0744 5308 rspndr - ok
12:52:18.0797 5308 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
12:52:18.0805 5308 RSUSBSTOR - ok
12:52:18.0839 5308 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys
12:52:18.0847 5308 RTL8167 - ok
12:52:18.0867 5308 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:52:18.0870 5308 SamSs - ok
12:52:18.0921 5308 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
12:52:18.0933 5308 Samsung UPD Service - ok
12:52:18.0968 5308 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
12:52:18.0971 5308 sbp2port - ok
12:52:19.0009 5308 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
12:52:19.0019 5308 SCardSvr - ok
12:52:19.0055 5308 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
12:52:19.0056 5308 scfilter - ok
12:52:19.0155 5308 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
12:52:19.0185 5308 Schedule - ok
12:52:19.0224 5308 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
12:52:19.0226 5308 SCPolicySvc - ok
12:52:19.0252 5308 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
12:52:19.0258 5308 SDRSVC - ok
12:52:19.0314 5308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
12:52:19.0316 5308 secdrv - ok
12:52:19.0335 5308 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
12:52:19.0338 5308 seclogon - ok
12:52:19.0360 5308 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
12:52:19.0364 5308 SENS - ok
12:52:19.0374 5308 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
12:52:19.0378 5308 SensrSvc - ok
12:52:19.0397 5308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
12:52:19.0398 5308 Serenum - ok
12:52:19.0417 5308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
12:52:19.0420 5308 Serial - ok
12:52:19.0429 5308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
12:52:19.0431 5308 sermouse - ok
12:52:19.0466 5308 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
12:52:19.0471 5308 SessionEnv - ok
12:52:19.0499 5308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
12:52:19.0501 5308 sffdisk - ok
12:52:19.0525 5308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
12:52:19.0527 5308 sffp_mmc - ok
12:52:19.0553 5308 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
12:52:19.0555 5308 sffp_sd - ok
12:52:19.0562 5308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
12:52:19.0564 5308 sfloppy - ok
12:52:19.0663 5308 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
12:52:19.0681 5308 Sftfs - ok
12:52:19.0834 5308 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:52:19.0867 5308 sftlist - ok
12:52:19.0938 5308 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
12:52:19.0957 5308 Sftplay - ok
12:52:19.0980 5308 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
12:52:19.0982 5308 Sftredir - ok
12:52:20.0002 5308 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
12:52:20.0005 5308 Sftvol - ok
12:52:20.0036 5308 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:52:20.0044 5308 sftvsa - ok
12:52:20.0121 5308 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
12:52:20.0132 5308 SharedAccess - ok
12:52:20.0186 5308 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
12:52:20.0196 5308 ShellHWDetection - ok
12:52:20.0227 5308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:52:20.0229 5308 SiSRaid2 - ok
12:52:20.0247 5308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
12:52:20.0249 5308 SiSRaid4 - ok
12:52:20.0324 5308 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:52:20.0336 5308 SkypeUpdate - ok
12:52:20.0349 5308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
12:52:20.0352 5308 Smb - ok
12:52:20.0388 5308 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
12:52:20.0391 5308 SNMPTRAP - ok
12:52:20.0439 5308 Soluto (f9369327409492097b0bb7ce86bd29de) C:\windows\system32\DRIVERS\Soluto.sys
12:52:20.0441 5308 Soluto - ok
12:52:20.0605 5308 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe
12:52:20.0625 5308 SolutoService - ok
12:52:20.0644 5308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
12:52:20.0646 5308 spldr - ok
12:52:20.0727 5308 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
12:52:20.0747 5308 Spooler - ok
12:52:20.0971 5308 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
12:52:21.0076 5308 sppsvc - ok
12:52:21.0183 5308 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
12:52:21.0187 5308 sppuinotify - ok
12:52:21.0278 5308 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
12:52:21.0299 5308 srv - ok
12:52:21.0351 5308 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
12:52:21.0362 5308 srv2 - ok
12:52:21.0405 5308 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
12:52:21.0418 5308 srvnet - ok
12:52:21.0457 5308 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
12:52:21.0465 5308 SSDPSRV - ok
12:52:21.0500 5308 ssmirrdr (1100066057fbf612b573efd3b21383f1) C:\windows\system32\DRIVERS\ssmirrdr.sys
12:52:21.0502 5308 ssmirrdr - ok
12:52:21.0516 5308 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
12:52:21.0520 5308 SstpSvc - ok
12:52:21.0550 5308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
12:52:21.0552 5308 stexstor - ok
12:52:21.0616 5308 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
12:52:21.0632 5308 stisvc - ok
12:52:21.0656 5308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
12:52:21.0658 5308 swenum - ok
12:52:21.0715 5308 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
12:52:21.0739 5308 swprv - ok
12:52:21.0873 5308 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
12:52:21.0932 5308 SysMain - ok
12:52:22.0041 5308 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
12:52:22.0046 5308 TabletInputService - ok
12:52:22.0088 5308 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
12:52:22.0103 5308 TapiSrv - ok
12:52:22.0135 5308 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
12:52:22.0139 5308 TBS - ok
12:52:22.0322 5308 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
12:52:22.0382 5308 Tcpip - ok
12:52:22.0634 5308 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
12:52:22.0654 5308 TCPIP6 - ok
12:52:22.0734 5308 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
12:52:22.0734 5308 tcpipreg - ok
12:52:22.0754 5308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:52:22.0764 5308 TDPIPE - ok
12:52:22.0814 5308 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
12:52:22.0814 5308 TDTCP - ok
12:52:22.0834 5308 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
12:52:22.0844 5308 tdx - ok
12:52:23.0114 5308 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:52:23.0205 5308 TeamViewer7 - ok
12:52:23.0375 5308 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
12:52:23.0377 5308 TermDD - ok
12:52:23.0481 5308 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
12:52:23.0507 5308 TermService - ok
12:52:23.0531 5308 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
12:52:23.0535 5308 Themes - ok
12:52:23.0566 5308 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
12:52:23.0568 5308 THREADORDER - ok
12:52:23.0599 5308 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
12:52:23.0604 5308 TrkWks - ok
12:52:23.0647 5308 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
12:52:23.0651 5308 TrustedInstaller - ok
12:52:23.0697 5308 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
12:52:23.0699 5308 tssecsrv - ok
12:52:23.0732 5308 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
12:52:23.0755 5308 tunnel - ok
12:52:23.0808 5308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
12:52:23.0816 5308 uagp35 - ok
12:52:23.0871 5308 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
12:52:23.0884 5308 udfs - ok
12:52:23.0935 5308 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
12:52:23.0941 5308 UI0Detect - ok
12:52:23.0970 5308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
12:52:23.0972 5308 uliagpkx - ok
12:52:24.0000 5308 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
12:52:24.0002 5308 umbus - ok
12:52:24.0033 5308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
12:52:24.0034 5308 UmPass - ok
12:52:24.0309 5308 UNS (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:52:24.0374 5308 UNS - ok
12:52:24.0524 5308 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
12:52:24.0534 5308 upnphost - ok
12:52:24.0584 5308 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
12:52:24.0584 5308 USBAAPL64 - ok
12:52:24.0634 5308 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
12:52:24.0634 5308 usbaudio - ok
12:52:24.0684 5308 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
12:52:24.0684 5308 usbccgp - ok
12:52:24.0724 5308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
12:52:24.0724 5308 usbcir - ok
12:52:24.0754 5308 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
12:52:24.0754 5308 usbehci - ok
12:52:24.0804 5308 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
12:52:24.0814 5308 usbhub - ok
12:52:24.0854 5308 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
12:52:24.0854 5308 usbohci - ok
12:52:24.0874 5308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
12:52:24.0874 5308 usbprint - ok
12:52:24.0924 5308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:52:24.0924 5308 usbscan - ok
12:52:24.0984 5308 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:52:24.0994 5308 USBSTOR - ok
12:52:25.0014 5308 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
12:52:25.0014 5308 usbuhci - ok
12:52:25.0064 5308 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
12:52:25.0074 5308 usbvideo - ok
12:52:25.0094 5308 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
12:52:25.0094 5308 UxSms - ok
12:52:25.0154 5308 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
12:52:25.0154 5308 VaultSvc - ok
12:52:25.0214 5308 VBoxDrv (0480981ebec902c763f83007274496ca) C:\windows\system32\DRIVERS\VBoxDrv.sys
12:52:25.0224 5308 VBoxDrv - ok
12:52:25.0273 5308 VBoxUSBMon (8908bb024508e71413b807ab3715ad97) C:\windows\system32\DRIVERS\VBoxUSBMon.sys
12:52:25.0274 5308 VBoxUSBMon - ok
12:52:25.0294 5308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
12:52:25.0294 5308 vdrvroot - ok
12:52:25.0334 5308 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
12:52:25.0354 5308 vds - ok
12:52:25.0374 5308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:52:25.0374 5308 vga - ok
12:52:25.0394 5308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:52:25.0394 5308 VgaSave - ok
12:52:25.0424 5308 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
12:52:25.0424 5308 vhdmp - ok
12:52:25.0444 5308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
12:52:25.0444 5308 viaide - ok
12:52:25.0474 5308 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
12:52:25.0474 5308 volmgr - ok
12:52:25.0514 5308 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
12:52:25.0524 5308 volmgrx - ok
12:52:25.0554 5308 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
12:52:25.0564 5308 volsnap - ok
12:52:25.0584 5308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
12:52:25.0604 5308 vsmraid - ok
12:52:25.0804 5308 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
12:52:25.0854 5308 VSS - ok
12:52:25.0964 5308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:52:25.0974 5308 vwifibus - ok
12:52:25.0984 5308 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:52:25.0994 5308 vwififlt - ok
12:52:26.0014 5308 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
12:52:26.0014 5308 vwifimp - ok
12:52:26.0054 5308 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
12:52:26.0064 5308 W32Time - ok
12:52:26.0097 5308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
12:52:26.0099 5308 WacomPen - ok
12:52:26.0126 5308 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:52:26.0126 5308 WANARP - ok
12:52:26.0126 5308 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:52:26.0136 5308 Wanarpv6 - ok
12:52:26.0276 5308 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
12:52:26.0306 5308 WatAdminSvc - ok
12:52:26.0426 5308 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
12:52:26.0466 5308 wbengine - ok
12:52:26.0588 5308 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
12:52:26.0598 5308 WbioSrvc - ok
12:52:26.0668 5308 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
12:52:26.0688 5308 wcncsvc - ok
12:52:26.0708 5308 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
12:52:26.0718 5308 WcsPlugInService - ok
12:52:26.0758 5308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
12:52:26.0758 5308 Wd - ok
12:52:26.0828 5308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:52:26.0838 5308 Wdf01000 - ok
12:52:26.0868 5308 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
12:52:26.0868 5308 WdiServiceHost - ok
12:52:26.0881 5308 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
12:52:26.0885 5308 WdiSystemHost - ok
12:52:26.0940 5308 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
12:52:26.0980 5308 WebClient - ok
12:52:27.0080 5308 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
12:52:27.0120 5308 Wecsvc - ok
12:52:27.0170 5308 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
12:52:27.0170 5308 wercplsupport - ok
12:52:27.0220 5308 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
12:52:27.0230 5308 WerSvc - ok
12:52:27.0330 5308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:52:27.0330 5308 WfpLwf - ok
12:52:27.0360 5308 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
12:52:27.0370 5308 WimFltr - ok
12:52:27.0400 5308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:52:27.0410 5308 WIMMount - ok
12:52:27.0430 5308 WinDefend - ok
12:52:27.0440 5308 WinHttpAutoProxySvc - ok
12:52:27.0570 5308 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
12:52:27.0578 5308 Winmgmt - ok
12:52:27.0760 5308 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
12:52:27.0819 5308 WinRM - ok
12:52:27.0979 5308 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
12:52:27.0981 5308 WinUsb - ok
12:52:28.0087 5308 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
12:52:28.0115 5308 Wlansvc - ok
12:52:28.0186 5308 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:52:28.0188 5308 wlcrasvc - ok
12:52:28.0401 5308 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:52:28.0467 5308 wlidsvc - ok
12:52:28.0615 5308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
12:52:28.0615 5308 WmiAcpi - ok
12:52:28.0695 5308 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
12:52:28.0705 5308 wmiApSrv - ok
12:52:28.0735 5308 WMPNetworkSvc - ok
12:52:28.0775 5308 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
12:52:28.0775 5308 WPCSvc - ok
12:52:28.0805 5308 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
12:52:28.0805 5308 WPDBusEnum - ok
12:52:28.0825 5308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:52:28.0825 5308 ws2ifsl - ok
12:52:28.0875 5308 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
12:52:28.0875 5308 wscsvc - ok
12:52:28.0885 5308 WSearch - ok
12:52:28.0935 5308 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
12:52:28.0935 5308 wsvd - ok
12:52:29.0125 5308 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
12:52:29.0195 5308 wuauserv - ok
12:52:29.0355 5308 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
12:52:29.0365 5308 WudfPf - ok
12:52:29.0395 5308 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
12:52:29.0405 5308 WUDFRd - ok
12:52:29.0468 5308 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
12:52:29.0472 5308 wudfsvc - ok
12:52:29.0506 5308 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
12:52:29.0524 5308 WwanSvc - ok
12:52:29.0564 5308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:52:29.0853 5308 \Device\Harddisk0\DR0 - ok
12:52:29.0861 5308 Boot (0x1200) (734ab96d77d4cf2a1869cbf7f43d5f21) \Device\Harddisk0\DR0\Partition0
12:52:29.0863 5308 \Device\Harddisk0\DR0\Partition0 - ok
12:52:29.0889 5308 Boot (0x1200) (705fd9f7b8e2e444a4e439351504e547) \Device\Harddisk0\DR0\Partition1
12:52:29.0892 5308 \Device\Harddisk0\DR0\Partition1 - ok
12:52:29.0927 5308 Boot (0x1200) (58cbdffbc326f0b1effcf175b1e784a1) \Device\Harddisk0\DR0\Partition2
12:52:29.0930 5308 \Device\Harddisk0\DR0\Partition2 - ok
12:52:29.0931 5308 ============================================================
12:52:29.0931 5308 Scan finished
12:52:29.0931 5308 ============================================================
12:52:29.0951 5656 Detected object count: 0
12:52:29.0951 5656 Actual detected object count: 0

Edited by SilentScope001, 17 June 2012 - 01:36 PM.


#6 gringo_pr

  • Malware Response Team

Posted 17 June 2012 - 02:38 PM

Greetings

How is the computer doing at this time?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 SilentScope001

  • Topic Starter

Posted 17 June 2012 - 03:03 PM

The computer is doing fine, and there have been no redirects when I use Google now. So it looks like this specific problem is fixed.

#8 gringo_pr

  • Malware Response Team

Posted 17 June 2012 - 03:20 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

DDS::
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858

Firefox::
FF - ProfilePath - c:\users\Tariq Ali\AppData\Roaming\Mozilla\Firefox\Profiles\m6twpxns.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61232

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

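An added example, not part of the thread and not code from ComboFix or DDS: the Firefox:: section of the script above targets `network.proxy.http` / `network.proxy.http_port` entries that point the browser at 127.0.0.1:61232, and this Python sketch audits a `prefs.js` for that same pattern. The sample file content, the `network.proxy.type` line in it, and the function names are constructed for illustration.

```python
import json
import re

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
# Host prefs for the manual proxy settings; each has a matching "<name>_port" pref.
PROXY_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")

# Constructed sample: the two proxy values are the ones named in the CFScript,
# the other lines are invented so the file looks like a real prefs.js.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 61232);
user_pref("network.proxy.type", 1);
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            # Strings, integers and true/false in prefs.js are valid JSON literals.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep unparsable values verbatim
    return prefs


def find_loopback_proxies(prefs):
    """List manual-proxy prefs whose host is the local machine.

    A finding is a lead, not a verdict: some legitimate local tools also
    listen on loopback. The next step is to identify which process owns
    the port.
    """
    # network.proxy.type == 1 means "manual proxy configuration"; with any
    # other value the host/port prefs are present but not in use.
    manual = prefs.get("network.proxy.type", 0) == 1
    findings = []
    for host_pref in PROXY_HOST_PREFS:
        host = prefs.get(host_pref)
        if not isinstance(host, str) or host.strip().lower() not in LOOPBACK_HOSTS:
            continue
        findings.append({
            "pref": host_pref,
            "host": host,
            "port": prefs.get(host_pref + "_port"),
            "active": manual,
        })
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(parse_prefs(SAMPLE_PREFS_JS)):
        state = "in use" if finding["active"] else "set but not in use"
        print(f'{finding["pref"]} -> {finding["host"]}:{finding["port"]} ({state})')
```

To check a real profile, read the `prefs.js` from the profile folder with Firefox closed and pass its text to `parse_prefs`.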

#9 SilentScope001

  • Topic Starter

Posted 17 June 2012 - 04:28 PM

1) Once again, I got the "an illegal operation being attempted on a registry key", and I can confirm this is being related to PalTalk, which was running at the time. However, Paltalk immediately closed, and the computer did restart eventually.

ComboFix 12-06-16.02 - Tariq Ali 06/17/2012 16:02:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1523 [GMT -5:00]
Running from: c:\users\Tariq Ali\Downloads\ComboFix.exe
Command switches used :: c:\users\Tariq Ali\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 21:14 . 2012-06-17 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-17 19:36 . 2012-06-17 19:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21A81204-084C-4301-96EA-0A3B08B39725}\offreg.dll
2012-06-17 17:43 . 2012-06-17 17:44 -------- d-----w- c:\users\Tariq Ali\AppData\Roaming\Trillian
2012-06-17 17:42 . 2012-06-17 17:43 -------- d-----w- c:\program files (x86)\Trillian
2012-06-15 23:52 . 2012-06-15 23:52 -------- d-----w- c:\users\Tariq Ali\AppData\Local\Unity
2012-06-12 22:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-10 00:55 . 2012-06-10 00:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-10 00:55 . 2012-06-10 00:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-10 00:55 . 2012-06-10 00:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-08 22:38 . 2012-06-08 22:38 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-06-08 22:38 . 2012-06-08 22:38 -------- d-----w- c:\users\Tariq Ali\AppData\Roaming\SystemRequirementsLab
2012-05-22 19:12 . 2012-05-22 19:15 -------- d--h--w- c:\windows\msdownld.tmp
2012-05-22 19:12 . 2012-05-22 19:12 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-05-22 19:12 . 2012-05-22 19:12 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-22 19:12 . 2012-05-22 19:12 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-22 19:12 . 2012-05-22 19:12 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-22 19:12 . 2012-05-22 19:12 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-05-22 19:12 . 2012-05-22 19:12 144384 ----a-w- c:\windows\system32\cdd.dll
2012-05-22 19:12 . 2012-05-22 19:12 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-05-22 19:12 . 2012-05-22 19:12 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-05-22 18:05 . 2012-06-12 15:11 -------- d-----w- c:\users\Tariq Ali\Quran
2012-05-22 05:08 . 2012-05-22 05:08 0 ----a-w- c:\windows\SysWow64\shoD15B.tmp
2012-05-19 20:22 . 2006-07-07 17:40 73728 ------w- c:\windows\SysWow64\BRCrypt.dll
2012-05-19 20:22 . 2008-08-24 00:17 118784 ------w- c:\windows\SysWow64\BrMfNt.dll
2012-05-19 20:22 . 2002-11-26 18:43 106496 ------w- c:\windows\SysWow64\BrMuSNMP.dll
2012-05-19 20:22 . 2008-10-18 01:04 179712 ------w- c:\windows\system32\BrfxDA5b.dll
2012-05-19 20:22 . 2012-05-19 20:37 -------- d-----w- c:\program files (x86)\Brother
2012-05-19 20:22 . 2008-06-17 20:33 167936 ------w- c:\windows\SysWow64\NSSearch.dll
2012-05-19 20:20 . 2012-05-19 20:20 -------- d-----w- c:\programdata\Brother
2012-05-19 18:32 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-05-19 18:31 . 2012-05-19 18:31 -------- d-----w- c:\program files\Common Files\Bullzip
2012-05-19 18:31 . 2010-09-27 13:29 135168 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-05-19 18:31 . 2008-10-30 13:29 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-05-19 18:31 . 2008-07-09 13:29 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-05-19 18:31 . 2012-03-27 13:29 216064 ----a-w- c:\windows\system32\bzpdf.dll
2012-05-19 18:31 . 2012-05-19 18:31 -------- d-----w- c:\program files\Bullzip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 00:13 . 2012-03-07 23:28 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-06 19:39 . 2012-04-06 19:39 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-06 19:39 . 2012-04-06 19:39 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-06 19:39 . 2012-04-06 19:39 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-06 19:39 . 2012-04-06 19:39 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-04 20:56 . 2011-05-23 01:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:09 . 2012-05-11 15:52 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2006-10-12 03:09 94208 --sh--w- c:\windows\SysWOW64\SalaatTime.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-17_15.59.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-17 15:57 . 2012-06-17 15:57 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-06-17 21:14 . 2012-06-17 21:14 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-04 08:31 . 2012-06-17 19:36 72558 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-17 21:17 46866 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-04 02:22 . 2012-06-17 21:17 21472 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-657421210-406520831-2180993659-1000_UserData.bin
- 2011-05-01 23:58 . 2012-06-16 19:31 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-01 23:58 . 2012-06-17 16:09 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-01 23:58 . 2012-06-17 16:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-01 23:58 . 2012-06-16 19:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 16:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-16 19:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-14 04:49 . 2012-06-17 18:37 4276 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-05-14 04:49 . 2012-06-16 05:41 4276 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-17 15:58 . 2012-06-17 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-17 21:15 . 2012-06-17 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-17 21:15 . 2012-06-17 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-17 15:58 . 2012-06-17 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-17 15:01 688128 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-17 19:33 688128 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-02 00:50 . 2012-06-17 20:56 297802 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-05-22 19:26 . 2012-06-17 21:14 153816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-22 19:26 . 2012-06-17 15:57 153816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-17 15:57 296576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-17 21:14 296576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-06-17 15:01 3588096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 19:33 3588096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 19:33 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 15:01 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 20:07 . 2012-06-17 21:14 1586353 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-657421210-406520831-2180993659-1000-8192.dat
- 2011-05-09 20:07 . 2012-06-17 15:57 1586353 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-657421210-406520831-2180993659-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 18:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SalaatTime"="c:\program files (x86)\Salaat Time\SalaatTime.exe" [2010-09-14 15376384]
"Facebook Update"="c:\users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-24 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
.
c:\users\Tariq Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Tariq Ali\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe [2012-4-30 7968008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-10 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-25 584224]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-657421210-406520831-2180993659-1000Core.job
- c:\users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-24 07:15]
.
2012-06-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-657421210-406520831-2180993659-1000UA.job
- c:\users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-24 07:15]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 16:59]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 16:59]
.
2012-06-03 c:\windows\Tasks\Norton Security Scan for Tariq Ali.job
- c:\progra~2\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-17 07:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-04-04 09:05 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetUrl.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tariq Ali\AppData\Roaming\Mozilla\Firefox\Profiles\m6twpxns.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-06-17 16:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 21:25
ComboFix2.txt 2012-06-17 16:08
.
Pre-Run: 180,432,269,312 bytes free
Post-Run: 180,199,505,920 bytes free
.
- - End Of File - - 42807A226DABE5E7A053B6408DF5CE53
===
EDIT: New information. While browsing in Google on something unrelated, I was redirected to http://click.findsearchengineresults.com/ads-clicktrack/click/jump1.do?sid=wbJcKIsCLHsGHu74gi3x2qZ34teNcg1QStzU0jM2zqsj5YN5IdCUmw%3D%3D&affiliate=48640&subid=12780&rc=0&terms=san%20fix%20errors%20usb . This didn't actually load anything I could see (luckily)...however, it does indicate that the redirection virus may still be on my computer.

Edited by SilentScope001, 17 June 2012 - 05:08 PM.


#10 gringo_pr

Posted 17 June 2012 - 06:06 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.0.1
Ask Toolbar
Ask Toolbar Updater
Bing Bar
Bing Rewards Client Installer
Paltalk Messenger


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#11 SilentScope001

Posted 17 June 2012 - 11:06 PM

Again, thank you for helping me out with this.

1) I have once again been "Google redirected", which probably is enough confirmation that whatever is causing the Google redirects is still there. Other than that, I have followed every step you have told me. Here are the logs you have requested.
===
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Tariq Ali :: TARIQALI-PC [administrator]

6/17/2012 10:36:55 PM
mbam-log-2012-06-17 (22-36-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211647
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:14 PM, on 6/17/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Salaat Time\SalaatTime.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Users\Tariq Ali\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files (x86)\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tariq Ali\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - Startup: Facebook Messenger.lnk = C:\Users\Tariq Ali\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tariq Ali\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13424 bytes

#12 gringo_pr

Posted 17 June 2012 - 11:34 PM

Greetings


In which browsers are the redirects happening? Please verify all that are installed.


gringo

#13 SilentScope001

Posted 18 June 2012 - 09:41 AM

It is only happening in Google Chrome.

#14 gringo_pr

Posted 18 June 2012 - 09:51 AM

Greetings


Let's uninstall Chrome, and if it asks about user data or settings, then remove that also.


Restart the computer and reinstall Chrome.


gringo

#15 SilentScope001

Posted 18 June 2012 - 11:40 AM

After uninstalling and reinstalling Google, I have not yet been redirected, though maybe the redirections may happen in the near future. I'll keep you updated.

Anything else?