
I believe my pc is infected with the google redirect virus



#1 nopopup


Posted 11 July 2012 - 11:35 AM

Most of the time, once in every two clicks on the sites I searched using Google, Internet Explorer creates a new tab automatically, and every one of the new tabs is an advertisement. This started happening yesterday morning, which is about 26 hours ago. I'm writing this with my infected PC; I'm just worried that my other computers would get infected from going onto the internet. I have already researched this issue and tried several solution methods, but they didn't help. I have scanned the PC with TDSSKiller from Kaspersky, but the only thing it caught was sptd.dll or something, and it's explained as only "suspicious". So I'm currently using ask.com as my search engine, and it seems it does not cause any redirect virus thing. Oh yeah, one more weird thing is that ever since the Google redirect virus, one of my games won't run. It's NBA2k12. Other games run perfectly, but just this game doesn't.
Please help me.
Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Park at 12:16:47 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8191.5683 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Park\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Park\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uStart Page = hxxp://search.avira.com/?q=&o=APN10400&l=dis&qsrc=119&gct=bar&locale=en_US&dc=us
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Akamai NetSession Interface] C:\Users\Park\AppData\Local\Akamai\netsession_win.exe
uRun: [Adobe] rundll32.exe "C:\Users\Park\AppData\Local\Apple\Adobe\pozscblcg.dll",CreateInstance
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
dRun: [Adobe] rundll32.exe "C:\Users\Park\AppData\Local\Apple\Adobe\pozscblcg.dll",CreateInstance
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Park\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMStarter.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://c9.hangame.com/common/HanSetup1030.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} - hxxp://www.kiwidisk.com/app/KiwidiskCtrl.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://hancdn.hangame.com/pub/plii/real/PubPlugin.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{44BB822E-7A9B-48F0-B529-33FE1AEA9A9D} : DhcpNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
AppInit_DLLs: ? C:\Windows\SysWOW64\guard32.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
AppInit_DLLs-X64: ? C:\Windows\SysWOW64\guard32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-24 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-24 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-6-24 465360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-3-29 517632]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-9-3 130000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-17 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 JRSUKD25;JRSUKD25;\??\C:\Windows\system32\JRSUKD25.SYS --> C:\Windows\system32\JRSUKD25.SYS [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-12 136176]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-16 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-12 136176]
S3 JRSKD24;JRSKD24;\??\C:\Windows\system32\JRSKD24.SYS --> C:\Windows\system32\JRSKD24.SYS [?]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\rakion64.sys [2012-4-14 45176]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-2-25 19952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2011-12-26 677984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-07-11 14:58:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-11 13:25:06 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-07-11 12:53:49 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-11 12:15:16 -------- d-----w- C:\Backreg
2012-07-11 04:51:50 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 04:14:01 -------- d-----w- C:\ProgramData\RegRun
2012-07-11 04:13:57 2 --shatr- C:\Windows\winstart.bat
2012-07-11 04:13:51 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2012-07-11 04:13:47 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-07-11 03:31:39 -------- d-----w- C:\Users\Park\AppData\Local\AskToolbar
2012-07-11 03:27:43 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-07-11 02:36:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-09 16:59:56 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim - Misha with ADEC bodytexture
2012-07-09 14:21:59 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim - Misha ONLY
2012-07-09 13:24:22 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim - envision face ONLY1
2012-07-08 21:19:38 -------- d-----w- C:\ProgramData\YTD Video Downloader
2012-07-05 20:41:29 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim - succubus with other mods
2012-07-03 19:29:56 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim - Tiffany
2012-07-03 12:39:31 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-06-26 20:50:32 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim character save1 naver with other mods
2012-06-24 13:34:22 -------- d-----w- C:\Users\Park\AppData\Roaming\Avira
2012-06-24 13:28:47 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-06-24 13:28:46 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-06-24 13:28:42 -------- d-----w- C:\ProgramData\Avira
2012-06-24 13:28:41 -------- d-----w- C:\Program Files (x86)\Avira
2012-06-23 10:06:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 10:06:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 10:05:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 10:05:36 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 15:38:12 405176 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-06-15 14:51:20 -------- d-----w- C:\Users\Park\AppData\Local\{EB0295CE-868F-4213-AF2A-2D5CC6E9BD16}
2012-06-14 00:53:22 -------- d-----w- C:\Users\Park\AppData\Local\{EB8A3B37-E226-47F3-8B0B-F49BCF31C938}
2012-06-14 00:14:12 -------- d-----w- C:\Users\Park\AppData\Local\{2AE9DA38-2777-4BB4-A581-7DD37757B035}
2012-06-13 05:08:44 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 05:08:44 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 05:08:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 05:07:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 05:07:34 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 05:07:33 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 05:07:16 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 12:12:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 12:12:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2011-06-03 20:25:52 625984 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
.
============= FINISH: 12:18:40.11 ===============



Edited by nopopup, 11 July 2012 - 11:53 AM.



 


#2 Oh My!


Posted 11 July 2012 - 02:31 PM

Greetings nopopup and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please allow me some time to review the information you have provided. I will post back as soon as possible.

In the meantime I would like you to post the TDSSKiller log which was produced at the completion of its run. It is most likely located at C:\TDSSKiller.txt. Please copy and paste the contents in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 nopopup

nopopup
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 11 July 2012 - 02:57 PM

This log is from the TDSSkiller. I have scanned 3 times today and this one is the most recent one. The results were all the same.
It was sptd.sys. NOT sptd.dll sorry about that.



00:21:47.0276 7072 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
00:21:49.0304 7072 ============================================================
00:21:49.0304 7072 Current date / time: 2012/07/11 00:21:49.0304
00:21:49.0304 7072 SystemInfo:
00:21:49.0304 7072
00:21:50.0006 7072 OS Version: 6.1.7601 ServicePack: 1.0
00:21:50.0006 7072 Product type: Workstation
00:21:50.0006 7072 ComputerName: PARK-PC
00:21:50.0006 7072 UserName: Park
00:21:50.0006 7072 Windows directory: C:\Windows
00:21:50.0006 7072 System windows directory: C:\Windows
00:21:50.0006 7072 Running under WOW64
00:21:50.0006 7072 Processor architecture: Intel x64
00:21:50.0006 7072 Number of processors: 4
00:21:50.0006 7072 Page size: 0x1000
00:21:50.0006 7072 Boot type: Normal boot
00:21:50.0006 7072 ============================================================
00:21:52.0471 7072 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:21:52.0565 7072 ============================================================
00:21:52.0565 7072 \Device\Harddisk0\DR0:
00:21:52.0565 7072 MBR partitions:
00:21:52.0565 7072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48C9FCB1
00:21:52.0565 7072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48C9FCF0, BlocksNum 0x1BB71D1
00:21:52.0565 7072 ============================================================
00:21:52.0596 7072 C: <-> \Device\Harddisk0\DR0\Partition0
00:21:52.0658 7072 D: <-> \Device\Harddisk0\DR0\Partition1
00:21:52.0658 7072 ============================================================
00:21:52.0658 7072 Initialize success
00:21:52.0658 7072 ============================================================
00:22:01.0238 5664 ============================================================
00:22:01.0238 5664 Scan started
00:22:01.0238 5664 Mode: Manual;
00:22:01.0238 5664 ============================================================
00:22:02.0673 5664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:22:02.0673 5664 1394ohci - ok
00:22:02.0751 5664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:22:02.0751 5664 ACPI - ok
00:22:02.0814 5664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:22:02.0814 5664 AcpiPmi - ok
00:22:03.0001 5664 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:22:03.0001 5664 AdobeARMservice - ok
00:22:03.0126 5664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:22:03.0126 5664 adp94xx - ok
00:22:03.0188 5664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:22:03.0188 5664 adpahci - ok
00:22:03.0204 5664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:22:03.0219 5664 adpu320 - ok
00:22:03.0329 5664 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:22:03.0344 5664 AeLookupSvc - ok
00:22:03.0516 5664 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:22:03.0531 5664 AFD - ok
00:22:03.0547 5664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:22:03.0547 5664 agp440 - ok
00:22:03.0578 5664 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:22:03.0594 5664 ALG - ok
00:22:03.0609 5664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:22:03.0609 5664 aliide - ok
00:22:03.0625 5664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:22:03.0625 5664 amdide - ok
00:22:03.0641 5664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:22:03.0656 5664 AmdK8 - ok
00:22:03.0672 5664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:22:03.0672 5664 AmdPPM - ok
00:22:03.0703 5664 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
00:22:03.0703 5664 amdsata - ok
00:22:03.0734 5664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:22:03.0734 5664 amdsbs - ok
00:22:03.0750 5664 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
00:22:03.0750 5664 amdxata - ok
00:22:03.0875 5664 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:22:03.0875 5664 AntiVirSchedulerService - ok
00:22:03.0921 5664 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:22:03.0921 5664 AntiVirService - ok
00:22:04.0031 5664 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
00:22:04.0031 5664 AntiVirWebService - ok
00:22:04.0109 5664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:22:04.0109 5664 AppID - ok
00:22:04.0155 5664 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:22:04.0155 5664 AppIDSvc - ok
00:22:04.0218 5664 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:22:04.0218 5664 Appinfo - ok
00:22:04.0343 5664 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:22:04.0343 5664 Apple Mobile Device - ok
00:22:04.0405 5664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:22:04.0405 5664 arc - ok
00:22:04.0421 5664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:22:04.0421 5664 arcsas - ok
00:22:04.0545 5664 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:22:04.0545 5664 aspnet_state - ok
00:22:04.0577 5664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:22:04.0577 5664 AsyncMac - ok
00:22:04.0639 5664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:22:04.0639 5664 atapi - ok
00:22:04.0701 5664 atksgt (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
00:22:04.0701 5664 atksgt - ok
00:22:04.0842 5664 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:22:04.0842 5664 AudioEndpointBuilder - ok
00:22:04.0857 5664 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:22:04.0857 5664 AudioSrv - ok
00:22:04.0967 5664 Autodesk Licensing Service (95e684e3f80c1e22bde3b96a20b03831) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
00:22:04.0967 5664 Autodesk Licensing Service - ok
00:22:04.0998 5664 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
00:22:04.0998 5664 avgntflt - ok
00:22:05.0029 5664 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
00:22:05.0045 5664 avipbb - ok
00:22:05.0045 5664 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
00:22:05.0045 5664 avkmgr - ok
00:22:05.0138 5664 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:22:05.0138 5664 AxInstSV - ok
00:22:05.0263 5664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:22:05.0279 5664 b06bdrv - ok
00:22:05.0357 5664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:22:05.0357 5664 b57nd60a - ok
00:22:05.0435 5664 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:22:05.0435 5664 BDESVC - ok
00:22:05.0450 5664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:22:05.0450 5664 Beep - ok
00:22:05.0575 5664 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:22:05.0591 5664 BFE - ok
00:22:05.0747 5664 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:22:05.0762 5664 BITS - ok
00:22:05.0809 5664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:22:05.0809 5664 blbdrive - ok
00:22:05.0981 5664 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
00:22:05.0981 5664 Bonjour Service - ok
00:22:06.0043 5664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:22:06.0043 5664 bowser - ok
00:22:06.0074 5664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:22:06.0074 5664 BrFiltLo - ok
00:22:06.0090 5664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:22:06.0090 5664 BrFiltUp - ok
00:22:06.0152 5664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:22:06.0152 5664 Browser - ok
00:22:06.0183 5664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:22:06.0199 5664 Brserid - ok
00:22:06.0215 5664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:22:06.0215 5664 BrSerWdm - ok
00:22:06.0230 5664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:22:06.0230 5664 BrUsbMdm - ok
00:22:06.0230 5664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:22:06.0230 5664 BrUsbSer - ok
00:22:06.0293 5664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:22:06.0293 5664 BTHMODEM - ok
00:22:06.0371 5664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:22:06.0371 5664 bthserv - ok
00:22:06.0417 5664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:22:06.0417 5664 cdfs - ok
00:22:06.0511 5664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:22:06.0511 5664 cdrom - ok
00:22:06.0573 5664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:22:06.0573 5664 CertPropSvc - ok
00:22:06.0589 5664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:22:06.0589 5664 circlass - ok
00:22:06.0651 5664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:22:06.0651 5664 CLFS - ok
00:22:06.0745 5664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:22:06.0745 5664 clr_optimization_v2.0.50727_32 - ok
00:22:06.0823 5664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:22:06.0823 5664 clr_optimization_v2.0.50727_64 - ok
00:22:06.0901 5664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:22:06.0901 5664 clr_optimization_v4.0.30319_32 - ok
00:22:06.0948 5664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:22:06.0948 5664 clr_optimization_v4.0.30319_64 - ok
00:22:06.0979 5664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:22:06.0995 5664 CmBatt - ok
00:22:07.0447 5664 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
00:22:07.0463 5664 cmdAgent - ok
00:22:07.0665 5664 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
00:22:07.0665 5664 cmdGuard - ok
00:22:07.0681 5664 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
00:22:07.0681 5664 cmdHlp - ok
00:22:07.0728 5664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:22:07.0728 5664 cmdide - ok
00:22:07.0821 5664 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:22:07.0821 5664 CNG - ok
00:22:07.0899 5664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:22:07.0899 5664 Compbatt - ok
00:22:07.0931 5664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:22:07.0931 5664 CompositeBus - ok
00:22:07.0977 5664 COMSysApp - ok
00:22:08.0040 5664 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys
00:22:08.0040 5664 cpuz133 - ok
00:22:08.0102 5664 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
00:22:08.0102 5664 cpuz135 - ok
00:22:08.0118 5664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:22:08.0118 5664 crcdisk - ok
00:22:08.0211 5664 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:22:08.0211 5664 CryptSvc - ok
00:22:08.0321 5664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:22:08.0336 5664 DcomLaunch - ok
00:22:08.0399 5664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:22:08.0399 5664 defragsvc - ok
00:22:08.0633 5664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:22:08.0633 5664 DfsC - ok
00:22:08.0851 5664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:22:08.0851 5664 Dhcp - ok
00:22:08.0882 5664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:22:08.0882 5664 discache - ok
00:22:08.0913 5664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:22:08.0929 5664 Disk - ok
00:22:08.0991 5664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:22:09.0007 5664 Dnscache - ok
00:22:09.0069 5664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:22:09.0069 5664 dot3svc - ok
00:22:09.0132 5664 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
00:22:09.0132 5664 Dot4 - ok
00:22:09.0179 5664 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
00:22:09.0179 5664 Dot4Print - ok
00:22:09.0210 5664 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
00:22:09.0210 5664 dot4usb - ok
00:22:09.0288 5664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:22:09.0288 5664 DPS - ok
00:22:09.0350 5664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:22:09.0350 5664 drmkaud - ok
00:22:09.0397 5664 dump_wmimmc - ok
00:22:09.0522 5664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:22:09.0537 5664 DXGKrnl - ok
00:22:09.0553 5664 EagleX64 - ok
00:22:09.0631 5664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:22:09.0631 5664 EapHost - ok
00:22:10.0021 5664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:22:10.0068 5664 ebdrv - ok
00:22:10.0239 5664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:22:10.0239 5664 EFS - ok
00:22:10.0411 5664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:22:10.0411 5664 ehRecvr - ok
00:22:10.0473 5664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:22:10.0473 5664 ehSched - ok
00:22:10.0598 5664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:22:10.0598 5664 elxstor - ok
00:22:10.0645 5664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:22:10.0645 5664 ErrDev - ok
00:22:10.0754 5664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:22:10.0754 5664 EventSystem - ok
00:22:10.0801 5664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:22:10.0801 5664 exfat - ok
00:22:10.0848 5664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:22:10.0848 5664 fastfat - ok
00:22:10.0973 5664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:22:10.0988 5664 Fax - ok
00:22:11.0004 5664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:22:11.0004 5664 fdc - ok
00:22:11.0004 5664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:22:11.0019 5664 fdPHost - ok
00:22:11.0035 5664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:22:11.0035 5664 FDResPub - ok
00:22:11.0035 5664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:22:11.0051 5664 FileInfo - ok
00:22:11.0066 5664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:22:11.0066 5664 Filetrace - ok
00:22:11.0222 5664 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:22:11.0222 5664 FLEXnet Licensing Service - ok
00:22:11.0721 5664 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
00:22:11.0737 5664 FLEXnet Licensing Service 64 - ok
00:22:11.0940 5664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:22:11.0940 5664 flpydisk - ok
00:22:12.0033 5664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:22:12.0049 5664 FltMgr - ok
00:22:12.0174 5664 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
00:22:12.0189 5664 FontCache - ok
00:22:12.0283 5664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:22:12.0283 5664 FontCache3.0.0.0 - ok
00:22:12.0330 5664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:22:12.0330 5664 FsDepends - ok
00:22:12.0377 5664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:22:12.0392 5664 Fs_Rec - ok
00:22:12.0470 5664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:22:12.0470 5664 fvevol - ok
00:22:12.0501 5664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:22:12.0501 5664 gagp30kx - ok
00:22:12.0579 5664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:22:12.0579 5664 GEARAspiWDM - ok
00:22:12.0642 5664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:22:12.0642 5664 gpsvc - ok
00:22:12.0829 5664 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:22:12.0829 5664 gupdate - ok
00:22:12.0845 5664 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:22:12.0845 5664 gupdatem - ok
00:22:12.0923 5664 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:22:12.0923 5664 gusvc - ok
00:22:12.0938 5664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:22:12.0938 5664 hcw85cir - ok
00:22:13.0032 5664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:22:13.0047 5664 HdAudAddService - ok
00:22:13.0079 5664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:22:13.0079 5664 HDAudBus - ok
00:22:13.0094 5664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:22:13.0094 5664 HidBatt - ok
00:22:13.0110 5664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:22:13.0110 5664 HidBth - ok
00:22:13.0125 5664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:22:13.0125 5664 HidIr - ok
00:22:13.0172 5664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:22:13.0172 5664 hidserv - ok
00:22:13.0203 5664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:22:13.0203 5664 HidUsb - ok
00:22:13.0250 5664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:22:13.0250 5664 hkmsvc - ok
00:22:13.0359 5664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:22:13.0359 5664 HomeGroupListener - ok
00:22:13.0422 5664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:22:13.0437 5664 HomeGroupProvider - ok
00:22:13.0578 5664 HP Health Check Service (aa9ef0b395097f24d289f64445b2fd2e) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
00:22:13.0578 5664 HP Health Check Service - ok
00:22:13.0593 5664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:22:13.0593 5664 HpSAMD - ok
00:22:13.0703 5664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:22:13.0703 5664 HTTP - ok
00:22:13.0749 5664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:22:13.0749 5664 hwpolicy - ok
00:22:13.0796 5664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:22:13.0796 5664 i8042prt - ok
00:22:13.0827 5664 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
00:22:13.0827 5664 iaStorV - ok
00:22:14.0030 5664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:22:14.0046 5664 idsvc - ok
00:22:14.0186 5664 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
00:22:14.0186 5664 IHA_MessageCenter - ok
00:22:14.0389 5664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:22:14.0405 5664 iirsp - ok
00:22:14.0670 5664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:22:14.0685 5664 IKEEXT - ok
00:22:14.0763 5664 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
00:22:14.0763 5664 inspect - ok
00:22:14.0997 5664 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
00:22:15.0013 5664 IntcAzAudAddService - ok
00:22:15.0185 5664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:22:15.0185 5664 intelide - ok
00:22:15.0231 5664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:22:15.0231 5664 intelppm - ok
00:22:15.0278 5664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:22:15.0278 5664 IPBusEnum - ok
00:22:15.0341 5664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:15.0341 5664 IpFilterDriver - ok
00:22:15.0434 5664 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:22:15.0434 5664 iphlpsvc - ok
00:22:15.0512 5664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:22:15.0512 5664 IPMIDRV - ok
00:22:15.0543 5664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:22:15.0559 5664 IPNAT - ok
00:22:15.0731 5664 iPod Service (844b87302d856f8eb32a38c35969734a) C:\Program Files\iPod\bin\iPodService.exe
00:22:15.0746 5664 iPod Service - ok
00:22:15.0777 5664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:22:15.0777 5664 IRENUM - ok
00:22:15.0793 5664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:22:15.0793 5664 isapnp - ok
00:22:15.0887 5664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:22:15.0887 5664 iScsiPrt - ok
00:22:15.0918 5664 JRSKD24 (2b9b87269b1d31f261990049a5f5bfa5) C:\Windows\system32\JRSKD24.SYS
00:22:15.0918 5664 JRSKD24 - ok
00:22:15.0949 5664 JRSUKD25 (6d15a689c9ef15041ce876ff662db6e1) C:\Windows\system32\JRSUKD25.SYS
00:22:15.0965 5664 JRSUKD25 - ok
00:22:15.0996 5664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:22:15.0996 5664 kbdclass - ok
00:22:16.0043 5664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:22:16.0043 5664 kbdhid - ok
00:22:16.0105 5664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:22:16.0105 5664 KeyIso - ok
00:22:16.0121 5664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:22:16.0121 5664 KSecDD - ok
00:22:16.0152 5664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:22:16.0152 5664 KSecPkg - ok
00:22:16.0167 5664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:22:16.0167 5664 ksthunk - ok
00:22:16.0245 5664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:22:16.0261 5664 KtmRm - ok
00:22:16.0355 5664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:22:16.0355 5664 LanmanServer - ok
00:22:16.0433 5664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:22:16.0433 5664 LanmanWorkstation - ok
00:22:16.0542 5664 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
00:22:16.0542 5664 LBTServ - ok
00:22:16.0620 5664 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
00:22:16.0635 5664 LEqdUsb - ok
00:22:16.0698 5664 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
00:22:16.0698 5664 LGBusEnum - ok
00:22:16.0760 5664 LGSHidFilt (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
00:22:16.0760 5664 LGSHidFilt - ok
00:22:16.0791 5664 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
00:22:16.0791 5664 LGVirHid - ok
00:22:16.0823 5664 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
00:22:16.0823 5664 LHidEqd - ok
00:22:16.0869 5664 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:22:16.0869 5664 LHidFilt - ok
00:22:17.0010 5664 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:22:17.0010 5664 LightScribeService - ok
00:22:17.0041 5664 lirsgt (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
00:22:17.0041 5664 lirsgt - ok
00:22:17.0103 5664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:22:17.0103 5664 lltdio - ok
00:22:17.0197 5664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:22:17.0197 5664 lltdsvc - ok
00:22:17.0244 5664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:22:17.0244 5664 lmhosts - ok
00:22:17.0275 5664 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:22:17.0275 5664 LMouFilt - ok
00:22:17.0306 5664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:22:17.0306 5664 LSI_FC - ok
00:22:17.0337 5664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:22:17.0337 5664 LSI_SAS - ok
00:22:17.0369 5664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:22:17.0369 5664 LSI_SAS2 - ok
00:22:17.0384 5664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:22:17.0400 5664 LSI_SCSI - ok
00:22:31.0531 5664 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
00:22:31.0531 5664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
00:22:31.0531 5664 sptd ( LockedFile.Multi.Generic ) - warning
00:22:31.0531 5664 sptd - detected LockedFile.Multi.Generic (1)
00:22:42.0217 5664 xsherlock - ok
00:22:42.0233 5664 xspirit - ok
00:22:42.0264 5664 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
00:22:42.0716 5664 \Device\Harddisk0\DR0 - ok
00:22:42.0716 5664 Boot (0x1200) (2264c9eca02c23f84845ff12bf997f3b) \Device\Harddisk0\DR0\Partition0
00:22:42.0732 5664 \Device\Harddisk0\DR0\Partition0 - ok
00:22:42.0732 5664 Boot (0x1200) (a93ac739b8f05a63e47fb097e8408048) \Device\Harddisk0\DR0\Partition1
00:22:42.0732 5664 \Device\Harddisk0\DR0\Partition1 - ok
00:22:42.0732 5664 ============================================================
00:22:42.0732 5664 Scan finished
00:22:42.0732 5664 ============================================================
00:22:42.0747 5784 Detected object count: 1
00:22:42.0747 5784 Actual detected object count: 1
00:24:25.0247 5784 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:24:25.0247 5784 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:25:45.0962 6944 ============================================================
00:25:45.0962 6944 Scan started
00:25:45.0962 6944 Mode: Manual;
00:25:45.0962 6944 ============================================================
00:26:02.0794 6944 napagent - ok
00:26:02.0841 6944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:26:02.0841 6944 NativeWifiP - ok
00:26:02.0966 6944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:26:02.0981 6944 NDIS - ok
00:26:02.0997 6944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:26:02.0997 6944 NdisCap - ok
00:26:03.0013 6944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:26:03.0013 6944 NdisTapi - ok
00:26:03.0075 6944 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:26:03.0075 6944 Ndisuio - ok
00:26:03.0153 6944 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:26:03.0169 6944 NdisWan - ok
00:26:03.0215 6944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:26:03.0215 6944 NDProxy - ok
00:26:03.0278 6944 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
00:26:03.0278 6944 Net Driver HPZ12 - ok
00:26:03.0309 6944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:26:03.0309 6944 NetBIOS - ok
00:26:03.0387 6944 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:26:03.0387 6944 NetBT - ok
00:26:03.0449 6944 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:26:03.0449 6944 Netlogon - ok
00:26:03.0543 6944 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:26:03.0543 6944 Netman - ok
00:26:03.0652 6944 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:26:03.0652 6944 NetMsmqActivator - ok
00:26:03.0652 6944 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:26:03.0652 6944 NetPipeActivator - ok
00:26:03.0715 6944 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:26:03.0715 6944 netprofm - ok
00:26:03.0730 6944 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:26:03.0730 6944 NetTcpActivator - ok
00:26:03.0746 6944 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:26:03.0746 6944 NetTcpPortSharing - ok
00:26:03.0777 6944 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:26:03.0777 6944 nfrd960 - ok
00:26:03.0855 6944 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:26:03.0871 6944 NlaSvc - ok
00:26:04.0027 6944 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
00:26:04.0042 6944 nmservice - ok
00:26:04.0058 6944 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:26:04.0058 6944 Npfs - ok
00:26:04.0058 6944 npggsvc - ok
00:26:04.0073 6944 NPPTNT2 - ok
00:26:04.0089 6944 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:26:04.0089 6944 nsi - ok
00:26:04.0105 6944 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:26:04.0105 6944 nsiproxy - ok
00:26:04.0167 6944 NSL (18654d5e0dc33b7f0f895264a5de80da) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
00:26:04.0167 6944 NSL - ok
00:26:04.0401 6944 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
00:26:04.0417 6944 Ntfs - ok
00:26:04.0557 6944 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:26:04.0557 6944 Null - ok
00:26:04.0651 6944 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
00:26:04.0666 6944 NVENETFD - ok
00:26:04.0713 6944 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
00:26:04.0713 6944 NVHDA - ok
00:26:06.0273 6944 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:26:06.0382 6944 nvlddmkm - ok
00:26:06.0819 6944 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
00:26:06.0835 6944 NVNET - ok
00:26:06.0897 6944 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
00:26:06.0897 6944 nvraid - ok
00:26:06.0928 6944 nvrd64 (78b96ec0352c6bb4788ebc200a2cadbf) C:\Windows\system32\DRIVERS\nvrd64.sys
00:26:06.0928 6944 nvrd64 - ok
00:26:06.0991 6944 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
00:26:06.0991 6944 nvsmu - ok
00:26:07.0022 6944 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
00:26:07.0022 6944 nvstor - ok
00:26:07.0053 6944 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
00:26:07.0053 6944 nvstor64 - ok
00:26:07.0209 6944 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
00:26:07.0225 6944 nvsvc - ok
00:26:07.0568 6944 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:26:07.0599 6944 nvUpdatusService - ok
00:26:07.0802 6944 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:26:07.0802 6944 nv_agp - ok
00:26:07.0942 6944 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:26:07.0958 6944 odserv - ok
00:26:08.0005 6944 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:26:08.0020 6944 ohci1394 - ok
00:26:08.0051 6944 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:26:08.0051 6944 ose - ok
00:26:08.0145 6944 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:26:08.0145 6944 p2pimsvc - ok
00:26:08.0239 6944 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:26:08.0254 6944 p2psvc - ok
00:26:08.0317 6944 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:26:08.0332 6944 Parport - ok
00:26:08.0332 6944 Partizan - ok
00:26:08.0410 6944 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:26:08.0410 6944 partmgr - ok
00:26:08.0441 6944 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:26:08.0441 6944 PcaSvc - ok
00:26:08.0473 6944 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:26:08.0473 6944 pci - ok
00:26:08.0488 6944 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:26:08.0488 6944 pciide - ok
00:26:08.0504 6944 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:26:08.0504 6944 pcmcia - ok
00:26:08.0535 6944 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:26:08.0535 6944 pcw - ok
00:26:08.0613 6944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:26:08.0613 6944 PEAUTH - ok
00:26:08.0769 6944 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:26:08.0769 6944 PerfHost - ok
00:26:09.0065 6944 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:26:09.0097 6944 pla - ok
00:26:09.0299 6944 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:26:09.0315 6944 PlugPlay - ok
00:26:09.0362 6944 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
00:26:09.0362 6944 Pml Driver HPZ12 - ok
00:26:09.0409 6944 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
00:26:09.0409 6944 pnarp - ok
00:26:09.0455 6944 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:26:09.0471 6944 PNRPAutoReg - ok
00:26:09.0502 6944 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:26:09.0518 6944 PNRPsvc - ok
00:26:09.0565 6944 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:26:09.0580 6944 PolicyAgent - ok
00:26:09.0643 6944 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:26:09.0658 6944 Power - ok
00:26:09.0721 6944 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:26:09.0736 6944 PptpMiniport - ok
00:26:09.0783 6944 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:26:09.0783 6944 Processor - ok
00:26:09.0830 6944 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:26:09.0830 6944 ProfSvc - ok
00:26:09.0877 6944 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:26:09.0892 6944 ProtectedStorage - ok
00:26:09.0955 6944 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:26:09.0955 6944 Psched - ok
00:26:09.0970 6944 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
00:26:09.0970 6944 purendis - ok
00:26:10.0142 6944 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:26:10.0157 6944 ql2300 - ok
00:26:10.0329 6944 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:26:10.0329 6944 ql40xx - ok
00:26:10.0407 6944 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:26:10.0407 6944 QWAVE - ok
00:26:10.0423 6944 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:26:10.0423 6944 QWAVEdrv - ok
00:26:10.0532 6944 rak (bf87969494ff4c9068f0d8b4a0a43711) C:\Game\SoftnyxGame\RakionIS\Bin\rakion64.sys
00:26:10.0532 6944 rak - ok
00:26:10.0547 6944 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:26:10.0547 6944 RasAcd - ok
00:26:10.0610 6944 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:26:10.0610 6944 RasAgileVpn - ok
00:26:10.0625 6944 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:26:10.0625 6944 RasAuto - ok
00:26:10.0688 6944 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:26:10.0688 6944 Rasl2tp - ok
00:26:10.0781 6944 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:26:10.0781 6944 RasMan - ok
00:26:10.0813 6944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:26:10.0813 6944 RasPppoe - ok
00:26:10.0828 6944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:26:10.0828 6944 RasSstp - ok
00:26:10.0891 6944 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:26:10.0891 6944 rdbss - ok
00:26:10.0906 6944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:26:10.0906 6944 rdpbus - ok
00:26:10.0922 6944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:26:10.0922 6944 RDPCDD - ok
00:26:10.0937 6944 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:26:10.0937 6944 RDPENCDD - ok
00:26:10.0953 6944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:26:10.0953 6944 RDPREFMP - ok
00:26:11.0031 6944 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:26:11.0031 6944 RDPWD - ok
00:26:11.0093 6944 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:26:11.0093 6944 rdyboost - ok
00:26:11.0156 6944 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:26:11.0156 6944 RemoteAccess - ok
00:26:11.0203 6944 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:26:11.0203 6944 RemoteRegistry - ok
00:26:11.0312 6944 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys
00:26:11.0312 6944 RivaTuner64 - ok
00:26:11.0343 6944 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:26:11.0343 6944 RpcEptMapper - ok
00:26:11.0390 6944 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:26:11.0390 6944 RpcLocator - ok
00:26:11.0515 6944 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:26:11.0530 6944 RpcSs - ok
00:26:11.0624 6944 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
00:26:11.0624 6944 RsFx0103 - ok
00:26:11.0655 6944 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:26:11.0655 6944 rspndr - ok
00:26:11.0717 6944 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:26:11.0717 6944 SamSs - ok
00:26:11.0889 6944 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:26:11.0889 6944 sbp2port - ok
00:26:11.0936 6944 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:26:11.0936 6944 SCardSvr - ok
00:26:11.0983 6944 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:26:11.0983 6944 scfilter - ok
00:26:12.0170 6944 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:26:12.0185 6944 Schedule - ok
00:26:12.0248 6944 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:26:12.0248 6944 SCPolicySvc - ok
00:26:12.0279 6944 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:26:12.0279 6944 SDRSVC - ok
00:26:12.0295 6944 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:26:12.0295 6944 secdrv - ok
00:26:12.0357 6944 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:26:12.0357 6944 seclogon - ok
00:26:12.0373 6944 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:26:12.0373 6944 SENS - ok
00:26:12.0388 6944 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:26:12.0388 6944 SensrSvc - ok
00:26:12.0404 6944 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:26:12.0404 6944 Serenum - ok
00:26:12.0435 6944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:26:12.0435 6944 Serial - ok
00:26:12.0451 6944 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:26:12.0451 6944 sermouse - ok
00:26:12.0513 6944 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:26:12.0513 6944 SessionEnv - ok
00:26:12.0560 6944 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:26:12.0560 6944 sffdisk - ok
00:26:12.0575 6944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:26:12.0575 6944 sffp_mmc - ok
00:26:12.0591 6944 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:26:12.0591 6944 sffp_sd - ok
00:26:12.0607 6944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:26:12.0607 6944 sfloppy - ok
00:26:12.0700 6944 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:26:12.0700 6944 SharedAccess - ok
00:26:12.0794 6944 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:26:12.0794 6944 ShellHWDetection - ok
00:26:12.0825 6944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:26:12.0825 6944 SiSRaid2 - ok
00:26:12.0841 6944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:26:12.0841 6944 SiSRaid4 - ok
00:26:12.0856 6944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:26:12.0856 6944 Smb - ok
00:26:12.0934 6944 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:26:12.0934 6944 SNMPTRAP - ok
00:26:12.0950 6944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:26:12.0950 6944 spldr - ok
00:26:13.0012 6944 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:26:13.0028 6944 Spooler - ok
00:26:13.0511 6944 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:26:13.0558 6944 sppsvc - ok
00:26:13.0730 6944 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:26:13.0730 6944 sppuinotify - ok
00:26:13.0839 6944 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
00:26:13.0839 6944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
00:26:13.0839 6944 sptd ( LockedFile.Multi.Generic ) - warning
00:26:13.0839 6944 sptd - detected LockedFile.Multi.Generic (1)
00:26:23.0558 6944 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
00:26:23.0995 6944 \Device\Harddisk0\DR0 - ok
00:26:23.0995 6944 Boot (0x1200) (2264c9eca02c23f84845ff12bf997f3b) \Device\Harddisk0\DR0\Partition0
00:26:23.0995 6944 \Device\Harddisk0\DR0\Partition0 - ok
00:26:24.0010 6944 Boot (0x1200) (a93ac739b8f05a63e47fb097e8408048) \Device\Harddisk0\DR0\Partition1
00:26:24.0010 6944 \Device\Harddisk0\DR0\Partition1 - ok
00:26:24.0010 6944 ============================================================
00:26:24.0010 6944 Scan finished
00:26:24.0010 6944 ============================================================
00:26:24.0041 2864 Detected object count: 1
00:26:24.0041 2864 Actual detected object count: 1
00:40:24.0525 2864 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:40:24.0525 2864 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:40:26.0928 0808 Deinitialize success

#4 Oh My!


Posted 11 July 2012 - 03:17 PM

Greetings nopopup,

Thank you for your prompt response. There is a bit of information to review so please be patient. Let's hold off on running any other programs until you hear back from me. There is always the possibility that a well-intended misstep can do more harm than good. Sounds like you have your hands full with enough already!
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 12 July 2012 - 05:24 PM

Greetings nopopup,

Thank you for allowing me some time to review all of the information. The TDSSKiller entry you see each time you run the program is a legitimate file. It is related to CD Emulation and the md5 (sort of fingerprint) verifies it is a good file. TDSSKiller is being cautious and as you can notice it did not flag it as malicious software.

There is indeed other evidence of malicious software on your computer causing the redirect issue. However, it is a bit more concerning than that and so I must advise you of the following and then provide an initial step we can take for your consideration.


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix.txt
  • How is your computer behaving now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
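The triage described in the post above (a driver flagged as suspicious whose MD5 matches a known-good copy) can be reproduced from the scan log. This is an added example, not part of the original thread and not TDSSKiller's own code; the sample log is constructed in the line layout visible in this thread, and the `sptd` and `exampledrv` MD5 values and the allowlist are placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller line layout shown in this thread.
# The sptd and exampledrv hashes are placeholders, not real file hashes.
SAMPLE_LOG = r"""
00:26:20.0984 6944 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:26:20.0984 6944 WinUsb - ok
00:26:21.0100 6944 sptd (00000000000000000000000000000000) C:\Windows\System32\Drivers\sptd.sys
00:26:21.0200 6944 exampledrv (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\exampledrv.sys
00:26:22.0357 6944 WSearch - ok
00:26:23.0277 6944 X6va002 - ok
00:26:23.0558 6944 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
00:26:23.0995 6944 \Device\Harddisk0\DR0 - ok
00:26:24.0041 2864 Detected object count: 2
00:40:24.0525 2864 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:40:24.0525 2864 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:40:24.0600 2864 exampledrv ( LockedFile.Multi.Generic ) - skipped by user
"""

# Analyst-supplied allowlist (placeholder): hashes taken from a trusted reference copy.
KNOWN_GOOD_MD5 = {"00000000000000000000000000000000"}

TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"  # timestamp and thread id prefix
HASH_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
DET_RE = re.compile(TS + r"(?P<name>\S+)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<action>.+)$")
OK_RE = re.compile(TS + r"(?P<name>.+?)\s+-\s+ok$")
COUNT_RE = re.compile(TS + r"Detected object count:\s+(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"          # "ok" or the detection name from the log
    actions: list = field(default_factory=list)


def parse_tdsskiller(log_text):
    """Return (objects, reported_detection_count) from a TDSSKiller-style log."""
    objects, by_path, reported = {}, {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := HASH_RE.match(line)):
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"], m["path"]
            by_path[m["path"]] = obj
        elif (m := DET_RE.match(line)):
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.verdict = m["verdict"]
            obj.actions.append(m["action"])
        elif (m := OK_RE.match(line)):
            # MBR/boot entries report "ok" against the device path, not the name.
            obj = by_path.get(m["name"]) or objects.setdefault(m["name"], ScanObject(m["name"]))
            if obj.verdict == "unknown":
                obj.verdict = "ok"
        elif (m := COUNT_RE.match(line)):
            reported = int(m["n"])
    return list(objects.values()), reported


def triage(objects, known_good_md5):
    """List entries an analyst should look at, with the reason for each."""
    findings = []
    for o in objects:
        if o.verdict not in ("ok", "unknown"):
            if o.md5 is None:
                status = "detected, no hash in log"
            elif o.md5 in known_good_md5:
                status = "detected, hash on analyst allowlist"
            else:
                status = "detected, hash not on allowlist"
            findings.append((o.name, o.verdict, status))
        elif o.md5 is None:
            # The scanner logged a verdict without logging a file hash for it.
            findings.append((o.name, o.verdict, "ok without a hash line"))
    return findings


def count_matches(objects, reported):
    """True when the parsed detections agree with the log's own summary count."""
    detected = sum(1 for o in objects if o.verdict not in ("ok", "unknown"))
    return reported is not None and detected == reported


if __name__ == "__main__":
    objs, reported = parse_tdsskiller(SAMPLE_LOG)
    print("summary count consistent:", count_matches(objs, reported))
    for name, verdict, status in triage(objs, KNOWN_GOOD_MD5):
        print(f"{name:12} {verdict:26} {status}")
```

An allowlist hit only says the file matches a reference copy; entries reported as ok without a hash line still need their service image path checked by hand.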

#6 nopopup


Posted 12 July 2012 - 10:36 PM

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

= Thank you for your help. I decided to go through with the cleanup, but what is the other option? Reformat?

#7 nopopup


Posted 12 July 2012 - 11:34 PM

I ran combofix.exe and it did all the scanning and restarted my computer and then made the log file successfully. But after my computer restarted, I got a message saying
c:\users\Park\AppData\Local\Apple\Adobe\pozscblcg.dll is missing, but I just clicked OK and closed it. Also, Internet Explorer is loading much faster and I see no more pop-up advertisements!!! YAY! Thank you so much!!!!
But does this mean my computer and my accounts are protected from now on? And do I really have to change my account passwords and everything? And what can I do to prevent this Google redirect virus from happening again in the future? Do you think Comodo Firewall and Avira antivirus are enough?

Also, from the log file, I see a DLL file for Adobe was removed by ComboFix, and what I heard is that the virus is distributed by the fake Adobe update patch. Is that true? If not, what was causing this redirect virus?

Lastly, while I was trying to fix this problem before I requested help from you, I found a site that suggested I disable/stop the DNS Client in the Services window in order to fix the problem, but apparently it didn't fix it. ComboFix and you did it. So should I turn the DNS Client back on (enable it)?


Again, thank you so much for fixing this virus.


Here is the log file from combofix


ComboFix 12-07-12.02 - Park 2/2012 Thu 23:48:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8191.5742 [GMT -4:00]
Running from: c:\users\Park\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Park\AppData\Local\Apple\Adobe\pozscblcg.dll
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 04:01 . 2012-07-13 04:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-13 04:01 . 2012-07-13 04:01 -------- d-----w- c:\users\sunghun.Park-PC\AppData\Local\temp
2012-07-13 04:01 . 2012-07-13 04:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-13 04:01 . 2012-07-13 04:01 -------- d-----w- c:\users\Guest.Park-PC\AppData\Local\temp
2012-07-13 04:01 . 2012-07-13 04:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 22:43 . 2012-07-12 22:43 -------- d-----w- c:\users\Park\AppData\Roaming\Titanium
2012-07-12 22:42 . 2012-07-12 22:42 -------- d-----w- c:\program files (x86)\PEXD
2012-07-12 15:48 . 2012-07-12 15:54 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - character save1 naver with other mod
2012-07-11 14:58 . 2012-07-11 14:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-11 13:25 . 2012-07-11 13:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-11 12:53 . 2012-07-11 13:25 -------- d-----w- c:\programdata\HitmanPro
2012-07-11 12:15 . 2012-07-11 12:15 -------- d-----w- C:\Backreg
2012-07-11 04:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:14 . 2012-07-11 15:34 -------- d-----w- c:\programdata\RegRun
2012-07-11 04:13 . 2012-07-11 04:13 2 --shatr- c:\windows\winstart.bat
2012-07-11 04:13 . 2012-06-27 20:01 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2012-07-11 04:13 . 2012-07-11 04:14 -------- d-----w- c:\program files (x86)\UnHackMe
2012-07-11 03:31 . 2012-07-11 03:31 -------- d-----w- c:\users\Park\AppData\Local\AskToolbar
2012-07-11 03:27 . 2012-07-11 03:28 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-11 02:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-09 16:59 . 2012-07-09 17:03 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Misha with ADEC bodytexture
2012-07-09 14:21 . 2012-07-09 14:23 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Misha ONLY
2012-07-09 13:24 . 2012-07-09 13:24 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - envision face ONLY1
2012-07-08 21:19 . 2012-07-08 21:19 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-05 20:41 . 2012-07-06 00:16 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - succubus with other mods
2012-07-03 19:29 . 2012-07-04 00:36 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Tiffany
2012-07-03 12:39 . 2012-07-09 17:34 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Misha with ADEC and other mods
2012-06-26 20:50 . 2012-07-12 22:08 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-06-24 13:34 . 2012-06-24 13:34 -------- d-----w- c:\users\Park\AppData\Roaming\Avira
2012-06-24 13:28 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-24 13:28 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-24 13:28 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-24 13:28 . 2012-07-11 03:28 -------- d-----w- c:\programdata\Avira
2012-06-24 13:28 . 2012-06-24 13:28 -------- d-----w- c:\program files (x86)\Avira
2012-06-23 10:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 10:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 10:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 10:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 10:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 10:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 10:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 10:05 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 10:05 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 15:38 . 2012-05-22 19:47 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-06-13 05:08 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 05:08 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 05:08 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 05:07 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 05:07 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 05:07 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 05:07 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 12:12 . 2012-04-19 20:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 12:12 . 2011-06-04 12:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 20:25 . 2011-08-02 23:16 625984 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 17:18 1519824 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Park\AppData\Local\Akamai\netsession_win.exe" [2011-10-29 3292248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-2-8 1207312]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-16 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-05-02 12824]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 rak;rak;c:\game\SoftnyxGame\RakionIS\Bin\rakion64.sys [2012-04-14 45176]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24\RivaTuner64.sys [2011-11-30 19952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 X6va002;X6va002;c:\users\Park\AppData\Local\Temp\0029A6B.tmp [x]
R3 X6va003;X6va003;c:\users\Park\AppData\Local\Temp\00373A5.tmp [x]
R3 X6va005;X6va005;c:\users\Park\AppData\Local\Temp\005F8F8.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-28 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-05-11 20968]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2010-05-02 15768]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IDSVia64
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SYMDNS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 03:16]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 03:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?q=&o=APN10400&l=dis&qsrc=119&gct=bar&locale=en_US&dc=us
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Park\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMStarter.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://c9.hangame.com/common/HanSetup1030.cab
DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} - hxxp://www.kiwidisk.com/app/KiwidiskCtrl.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://hancdn.hangame.com/pub/plii/real/PubPlugin.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Adobe - c:\users\Park\AppData\Local\Apple\Adobe\pozscblcg.dll
Wow6432Node-HKU-Default-Run-Adobe - c:\users\Park\AppData\Local\Apple\Adobe\pozscblcg.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-XecureCK - c:\windows\system32\CKSetup32.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Park\AppData\Local\Temp\0029A6B.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Park\AppData\Local\Temp\00373A5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Park\AppData\Local\Temp\005F8F8.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\* 5*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\0* %*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\P* *]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\P* 3*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3297356788-2914212724-1035185101-1000)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\Software\SecuROM\License information*]
"datasecu"=hex:75,1c,9e,65,26,c5,6d,69,32,18,f1,35,00,03,8c,68,fb,5f,03,cd,f0,
de,9d,57,4d,c0,e0,53,63,8d,54,c5,ae,f4,f9,53,75,64,06,bf,f3,83,2c,6d,73,f8,\
"rkeysecu"=hex:9b,c4,5a,17,54,71,0d,12,68,6b,c0,51,dd,ab,5c,ad
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2012-07-13 00:15:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 04:15
.
Pre-Run: 60,111,495,168 bytes free
Post-Run: 79,547,871,232 bytes free
.
- - End Of File - - 09C01C87CD73706E124AAADF84CD1F05

Edited by nopopup, 12 July 2012 - 11:43 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:27 PM

Posted 13 July 2012 - 12:05 PM

Greetings nopopup,

Thank you for posting the information. Please allow me just a bit of time to review it.

Yes, the only certain way to be 100% sure is to reformat. If at any time you change your mind, for whatever reason, we can always reformat. Either way, it is never a bad idea to clean the files whether you keep them as is on your machine or back them up to put them on the reformatted hard drive.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 nopopup

nopopup
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 13 July 2012 - 05:33 PM

Thank you for your reply.
So, do you recommend that I reformat? If I don't, what's the percentage of my web site accounts getting hacked because of this redirect virus?
Also, I would be so happy if you can answer all of my questions on my previous post. Thank you so much.

#10 Oh My!

Posted 13 July 2012 - 05:43 PM

Greetings nopopup,

I am actually in the process of reviewing your logs and putting together steps for you to take in addition to answering the questions/concerns you have (and have been for the past 2+ hours!) :)

I am just as eager to answer back as you are to receive an answer. As soon as I put together my response for my mentor to review I will send it to him. Due to the time zone difference I can't guarantee an immediate posting subsequent to that but check back periodically. Hopefully something will be posted soon.
Gary

#11 Oh My!

Posted 13 July 2012 - 07:40 PM

Greetings nopopup,


I will attempt to answer your questions then I will send you on a malware mission!


The message you received regarding the missing .dll is nothing to worry about. The issue was addressed despite the notice you received.

As far as your accounts being protected, there is always the potential for compromise even if you reformat. If you think about it, your computer system was clean when new, then it got infected. If we are not careful it can happen again. I can not decide for you whether or not to reformat. Most people clean their machine and do not reformat but that is a personal choice.

Malicious software is mostly designed to separate you from your money one way or another. One of the fastest ways to do that is to steal your login and password information for your financial institutions. Obviously, if not-so-nice people wanted to go that route they would strike right away and hit it hard before anyone noticed. If you have not noticed any irregularities with your finances, that is a good sign. If you decide against reformatting, changing your login and/or passwords is cheap insurance and may provide additional peace of mind. If you are having trouble sleeping at night over the state of your computer then something needs to be changed. If not, then whatever your decision is would be fine. Everyone's comfort zone is different.

Once we have determined your computer is clean I will be giving you extensive information upon which you can act in order to provide greater protection against infection in the future.

Yes, in fact, that "Adobe" file was the conduit through which your computer became infected.

You may return the DNS Client back to its original setting.

OK, hopefully I have addressed all of your concerns. Now is the time to take some more steps.

There is a suspicious file I would like to have scanned. Also, there are 4 registry keys we need to take a deeper look into. Lastly, I would like you to remove a toolbar.

Please perform the following for me, if you would.


===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    c:\windows\vtany.sys
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    REGNULL::
    [HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\* 5*]
    [HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\0* %*]
    [HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\P* *]
    [HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\P* 3*]
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Uninstalling a Program using Add/Remove Program

--------------------

You have several toolbars installed on your computer. One in particular, Ask, should be removed.

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of programs installed will be displayed
  • Uninstall the following by clicking on the program(s) below and selecting Remove or Uninstall

    Ask Toolbar (or any variation of Ask)

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Virustotal link
  • Combofix.txt
  • How is your computer behaving?

Gary

#12 nopopup

Posted 13 July 2012 - 10:33 PM

I could NOT find c:\windows\vtany.sys. I even set the folder settings to show hidden files but could not find it.

So I did the second step but I forgot to turn off Avira antivirus and Comodo firewall before I dragged the CFScript.txt file into ComboFix.exe. Nonetheless, it started doing something in a window and then after it finished a pop-up message showed up that said I need to turn them off before proceeding. That was when I realized I forgot to turn them off. So, after I turned them off I clicked "OK" and then the blue screen appeared and started doing its thing. Is this ok?

Here is the log file. And why are the Ask.com-related toolbars bad? Do they cause viruses? Thank you again for your help.


ComboFix 12-07-12.02 - Park 3/2012 Fri 22:49:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8191.5868 [GMT -4:00]
Running from: c:\users\Park\Desktop\from bleepingcomputer.com\ComboFix.exe
Command switches used :: c:\users\Park\Desktop\from bleepingcomputer.com\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 03:02 . 2012-07-14 03:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-14 03:02 . 2012-07-14 03:02 -------- d-----w- c:\users\sunghun\AppData\Local\temp
2012-07-14 03:02 . 2012-07-14 03:02 -------- d-----w- c:\users\sunghun.Park-PC\AppData\Local\temp
2012-07-14 03:02 . 2012-07-14 03:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-14 03:02 . 2012-07-14 03:02 -------- d-----w- c:\users\Guest.Park-PC\AppData\Local\temp
2012-07-14 03:02 . 2012-07-14 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 22:43 . 2012-07-12 22:43 -------- d-----w- c:\users\Park\AppData\Roaming\Titanium
2012-07-12 22:42 . 2012-07-12 22:42 -------- d-----w- c:\program files (x86)\PEXD
2012-07-12 15:48 . 2012-07-12 15:54 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - character save1 naver with other mod
2012-07-11 14:58 . 2012-07-11 14:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-11 13:25 . 2012-07-11 13:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-11 12:53 . 2012-07-11 13:25 -------- d-----w- c:\programdata\HitmanPro
2012-07-11 12:15 . 2012-07-11 12:15 -------- d-----w- C:\Backreg
2012-07-11 04:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:14 . 2012-07-11 15:34 -------- d-----w- c:\programdata\RegRun
2012-07-11 04:13 . 2012-07-11 04:13 2 --shatr- c:\windows\winstart.bat
2012-07-11 04:13 . 2012-07-13 16:03 -------- d-----w- c:\program files (x86)\UnHackMe
2012-07-11 03:31 . 2012-07-11 03:31 -------- d-----w- c:\users\Park\AppData\Local\AskToolbar
2012-07-11 03:27 . 2012-07-11 03:28 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-11 02:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-09 16:59 . 2012-07-09 17:03 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Misha with ADEC bodytexture
2012-07-09 14:21 . 2012-07-09 14:23 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Misha ONLY
2012-07-09 13:24 . 2012-07-09 13:24 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - envision face ONLY1
2012-07-08 21:19 . 2012-07-08 21:19 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-05 20:41 . 2012-07-06 00:16 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - succubus with other mods
2012-07-03 19:29 . 2012-07-04 00:36 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Tiffany
2012-07-03 12:39 . 2012-07-09 17:34 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim - Misha with ADEC and other mods
2012-06-26 20:50 . 2012-07-12 22:08 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-06-24 13:34 . 2012-06-24 13:34 -------- d-----w- c:\users\Park\AppData\Roaming\Avira
2012-06-24 13:28 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-24 13:28 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-24 13:28 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-24 13:28 . 2012-07-11 03:28 -------- d-----w- c:\programdata\Avira
2012-06-24 13:28 . 2012-06-24 13:28 -------- d-----w- c:\program files (x86)\Avira
2012-06-23 10:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 10:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 10:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 10:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 10:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 10:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 10:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 10:05 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 10:05 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 15:38 . 2012-05-22 19:47 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 12:12 . 2012-04-19 20:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 12:12 . 2011-06-04 12:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 11:06 . 2012-06-13 05:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 05:07 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 05:07 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55 . 2012-06-13 05:07 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 05:08 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 05:08 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 05:08 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2011-06-03 20:25 . 2011-08-02 23:16 625984 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_04.05.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-28 01:11 . 2012-07-13 11:50 71418 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-13 11:50 41674 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-28 00:53 . 2012-07-13 11:50 24940 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3297356788-2914212724-1035185101-1000_UserData.bin
- 2010-02-27 23:34 . 2012-07-13 03:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 23:34 . 2012-07-14 00:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 23:34 . 2012-07-14 00:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-27 23:34 . 2012-07-13 03:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 00:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 03:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-13 11:51 91568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-28 01:48 . 2012-07-13 05:16 3344 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-13 04:04 . 2012-07-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 11:47 . 2012-07-13 11:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 04:04 . 2012-07-13 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-13 11:47 . 2012-07-13 11:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-13 04:02 428824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-13 05:16 428824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-07-13 11:51 7154547 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-11 12:16 7154547 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-15 06:51 . 2012-07-13 05:16 25208965 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3297356788-2914212724-1035185101-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 17:18 1519824 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Park\AppData\Local\Akamai\netsession_win.exe" [2011-10-29 3292248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-2-8 1207312]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-16 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-05-02 12824]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-05-11 20968]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2010-05-02 15768]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IDSVia64
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SYMDNS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 03:16]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 03:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?q=&o=APN10400&l=dis&qsrc=119&gct=bar&locale=en_US&dc=us
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Park\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMStarter.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://c9.hangame.com/common/HanSetup1030.cab
DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} - hxxp://www.kiwidisk.com/app/KiwidiskCtrl.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://hancdn.hangame.com/pub/plii/real/PubPlugin.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Park\AppData\Local\Temp\0029A6B.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Park\AppData\Local\Temp\00373A5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Park\AppData\Local\Temp\005F8F8.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\* 5*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\0* %*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\P* *]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\P* 3*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3297356788-2914212724-1035185101-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3297356788-2914212724-1035185101-1000)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-13 23:06:13
ComboFix-quarantined-files.txt 2012-07-14 03:06
ComboFix2.txt 2012-07-13 04:15
.
Pre-Run: 71,023,607,808 bytes free
Post-Run: 70,971,662,336 bytes free
.
- - End Of File - - 1AEFBDE7B9052241D657490F9569B904

Edited by nopopup, 13 July 2012 - 10:49 PM.


#13 Oh My!

  • Malware Response Instructor

Posted 15 July 2012 - 07:37 AM

Greetings nopopup,

I have not forgotten you. As soon as I receive approval for my next post I will send it your way!

Thank you for your understanding.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

  • Malware Response Instructor

Posted 15 July 2012 - 04:20 PM

Greetings nopopup,


Is this ok?

Perfect.

----------

And why are the Ask.com-related toolbars bad? Do they cause viruses?

Please return to Post #11 and click on the "Ask" link in the Uninstall Programs section.

----------

Let's go looking for the file you were unable to locate.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users: right-click SystemLook.exe and click Run As Administrator.
  • Copy the content of the following codebox into the main text field:

    :filefind
    vtany.*

  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • SystemLook information
  • Are you noticing any issues with your computer?

Gary
 

#15 nopopup

  • Topic Starter

Posted 15 July 2012 - 04:48 PM

I'm not noticing any issues anymore. But I was wondering how exactly hackers hack my accounts to get passwords. Do they try to take my web browser cookies or such files that I have in my computer over the last few years to steal my password? I'm just assuming the browser cookies or such files contain my ID and password.

Or do they lead me to their own fake sites so that I type in my password and then they take it?



SystemLook 30.07.11 by jpshortstuff
Log created at 17:37 on 15/07/2012 by Park
Administrator - Elevation successful

========== filefind ==========

Searching for "vtany.*"
No files found.

-= EOF =-

Edited by nopopup, 15 July 2012 - 04:56 PM.




