
Suspicion that I have this Windows Command Processor lurking


  • This topic is locked
39 replies to this topic

#1 TCKW

TCKW

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 15 July 2012 - 10:52 AM

Hi anyone. I am looking for someone who can offer me his or her valuable advice and assistance, for which I thank you in advance. A couple of days ago, out of nowhere, for the first time in my years of web surfing, immediately after my laptop computer booted up, I was faced with this cmd prompt box indicating a request to allow Windows Command Processor, with a choice of Yes or No. Of course I clicked NO the first time. But when it repeated, I very quickly took the same action, and I thought I might have clicked YES this time instead of NO. Subsequently I was really unsure whether I clicked YES the second time.

I have an awkward feeling of suspicion that my computer is infected. My suspicion is born out of the fact that this time, whenever I execute TFC to clean up after each session before I log off my computer, the computer did not auto log off as it usually does.

My computer is an HP laptop running Windows Home Premium 64-bit. I have ESET NOD32 version 5, up to date. I scanned with Malwarebytes Anti-Malware a couple of times but nothing showed up.

If need be, can someone check my HJT log, which I can run and have posted.

Looking forward to hearing from kind helpers here.

Thanks.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:40 PM

Posted 20 July 2012 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not providing accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

===

Include this log also.

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 TCKW


Posted 20 July 2012 - 11:59 PM

Oops, this may be my second reply. I wonder where the earlier one has gone?

Hi there, thank you very much. It's nice to meet you here, finally. But I have a problem. Due to my travel the next 10 days, I possibly will not have enough time to cooperate and engage you, which rather saddens me as I still need assistance.

How can I pend this for the next 10 days, until after my work travel when I am more settled to work with you? Well, I really do appreciate very much, nasdaq, your valuable time taken to help.

Please let me know. Thanks again and I appreciate.

#4 nasdaq


Posted 21 July 2012 - 10:15 AM

I will try to remember not to close it. Should the topic be closed when you return, send me a Personal Message and I will reopen it.

#5 TCKW


Posted 16 August 2012 - 01:19 AM

HI I am so terribly sorry about resuming this. Please let me know can I still seek assistance? Thank you.

#6 TCKW


Posted 16 August 2012 - 01:20 AM

Hi I am so terribly sorry I forgot to come back here. Please let me know can I still seek your assistance? Thank you.

#7 TCKW


Posted 17 August 2012 - 04:36 AM

Hi there.

Sorry for being late.

Shall I resume to do as what you instructed in your last post Jul 20th?

#8 nasdaq


Posted 19 August 2012 - 07:02 AM

Sorry about being late also.

Please post the logs requested in post no 2.

#9 TCKW


Posted 19 August 2012 - 09:58 AM

Hi, better late than never, I believe.

I was unsuccessful a few times in getting to d/l both the dds and screen 317, even though I disabled my ESET security s/w. The dialog showed 'do you want to open or save .....from download.bleeping.....' with three choices: open, save, cancel. I attempted both selections, open and save, at separate times for both screen 317 and dds; an alert appeared: 'your security settings do not allow you to download'.

Even now, after the various unsuccessful attempts, when I cross OR Cancel the window, I cannot. I have to X to close my IE 9.

What's next please?

#10 TCKW


Posted 19 August 2012 - 10:02 AM

I did another attempt after I stopped my Malwarebytes from running; it also failed.

#11 nasdaq


Posted 19 August 2012 - 12:32 PM

Run these tools in normal mode. If unable to get a log, run them from Safe Mode.
How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03
===


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#12 TCKW


Posted 19 August 2012 - 10:42 PM

Hi there. I suspect something very nasty is happening or has happened all this while, and I think I have a lot to write about in order for you to appreciate more of what's inside and what happened, and therefore enable you to help me more easily. Since English is not my native lingo, I might not write clearly enough, but I'll try.

As said, I cannot d/l the screen 317 and the dds. Here's the TDSS report. It scanned one time very smoothly, no reboot, no cleaning or any other process as I observed; it lasted for a couple of minutes. As below Part One:

01:51:11.0015 4752 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
01:51:11.0602 4752 ============================================================
01:51:11.0602 4752 Current date / time: 2012/08/20 01:51:11.0602
01:51:11.0602 4752 SystemInfo:
01:51:11.0602 4752
01:51:11.0603 4752 OS Version: 6.1.7601 ServicePack: 1.0
01:51:11.0603 4752 Product type: Workstation
01:51:11.0603 4752 ComputerName: TERENCEHPENVY14
01:51:11.0603 4752 UserName: Terence
01:51:11.0603 4752 Windows directory: C:\Windows
01:51:11.0603 4752 System windows directory: C:\Windows
01:51:11.0603 4752 Running under WOW64
01:51:11.0603 4752 Processor architecture: Intel x64
01:51:11.0603 4752 Number of processors: 4
01:51:11.0603 4752 Page size: 0x1000
01:51:11.0603 4752 Boot type: Normal boot
01:51:11.0603 4752 ============================================================
01:51:12.0117 4752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:51:12.0128 4752 Drive \Device\Harddisk1\DR1 - Size: 0x7449FF6000 (465.16 Gb), SectorSize: 0x200, Cylinders: 0xED32, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:51:12.0137 4752 ============================================================
01:51:12.0137 4752 \Device\Harddisk0\DR0:
01:51:12.0137 4752 MBR partitions:
01:51:12.0138 4752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:51:12.0138 4752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD73C000
01:51:12.0138 4752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD76E800, BlocksNum 0xB98C000
01:51:12.0138 4752 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x190FA800, BlocksNum 0xC333800
01:51:12.0138 4752 ============================================================
01:51:12.0179 4752 C: <-> \Device\Harddisk0\DR0\Partition2
01:51:12.0221 4752 D: <-> \Device\Harddisk0\DR0\Partition3
01:51:12.0247 4752 E: <-> \Device\Harddisk0\DR0\Partition4
01:51:12.0294 4752 ============================================================
01:51:12.0294 4752 Initialize success
01:51:12.0294 4752 ============================================================
01:56:19.0113 7152 ============================================================
01:56:19.0113 7152 Scan started
01:56:19.0113 7152 Mode: Manual;
01:56:19.0113 7152 ============================================================
01:56:21.0480 7152 ================ Scan services =============================
01:56:21.0644 7152 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:56:21.0647 7152 1394ohci - ok
01:56:21.0698 7152 [ 5c368f4b04ed2a923e6afca2d37baff5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
01:56:21.0699 7152 Accelerometer - ok
01:56:21.0739 7152 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:56:21.0742 7152 ACPI - ok
01:56:21.0770 7152 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:56:21.0771 7152 AcpiPmi - ok
01:56:21.0895 7152 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:56:21.0896 7152 AdobeFlashPlayerUpdateSvc - ok
01:56:21.0936 7152 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:56:21.0942 7152 adp94xx - ok
01:56:21.0969 7152 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:56:21.0972 7152 adpahci - ok
01:56:21.0997 7152 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:56:21.0999 7152 adpu320 - ok
01:56:22.0025 7152 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:56:22.0026 7152 AeLookupSvc - ok
01:56:22.0127 7152 [ a6fb9db8f1a86861d955fd6975977ae0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
01:56:22.0132 7152 AESTFilters - ok
01:56:22.0195 7152 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:56:22.0200 7152 AFD - ok
01:56:22.0229 7152 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:56:22.0230 7152 agp440 - ok
01:56:22.0253 7152 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
01:56:22.0255 7152 ALG - ok
01:56:22.0274 7152 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
01:56:22.0275 7152 aliide - ok
01:56:22.0306 7152 [ 48619a29f9c9c3cfeb66718dd03d8057 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:56:22.0309 7152 AMD External Events Utility - ok
01:56:22.0324 7152 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
01:56:22.0325 7152 amdide - ok
01:56:22.0346 7152 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:56:22.0347 7152 AmdK8 - ok
01:56:22.0532 7152 [ 06bf0785de714637eba9bb1084b28626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
01:56:22.0665 7152 amdkmdag - ok
01:56:22.0707 7152 [ 2dec3274589ff6889ab05adceeb0f642 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
01:56:22.0710 7152 amdkmdap - ok
01:56:22.0716 7152 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:56:22.0717 7152 AmdPPM - ok
01:56:22.0738 7152 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
01:56:22.0740 7152 amdsata - ok
01:56:22.0754 7152 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:56:22.0757 7152 amdsbs - ok
01:56:22.0773 7152 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:56:22.0774 7152 amdxata - ok
01:56:22.0837 7152 [ 37ea167782af19301af9c05804948bb2 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
01:56:22.0838 7152 AmUStor - ok
01:56:22.0862 7152 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
01:56:22.0864 7152 AppID - ok
01:56:22.0889 7152 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:56:22.0890 7152 AppIDSvc - ok
01:56:22.0915 7152 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:56:22.0916 7152 Appinfo - ok
01:56:22.0935 7152 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
01:56:22.0936 7152 arc - ok
01:56:22.0943 7152 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:56:22.0944 7152 arcsas - ok
01:56:22.0970 7152 Aspi32 - ok
01:56:22.0997 7152 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:56:22.0998 7152 AsyncMac - ok
01:56:23.0042 7152 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
01:56:23.0043 7152 atapi - ok
01:56:23.0079 7152 [ 4bf5bca6e2608cd8a00bc4a6673a9f47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
01:56:23.0081 7152 AtiHDAudioService - ok
01:56:23.0115 7152 [ 2d648572ba9a610952fcafba1e119c2d ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
01:56:23.0116 7152 AtiHdmiService - ok
01:56:23.0150 7152 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:56:23.0164 7152 AudioEndpointBuilder - ok
01:56:23.0174 7152 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:56:23.0177 7152 AudioSrv - ok
01:56:23.0203 7152 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:56:23.0205 7152 AxInstSV - ok
01:56:23.0232 7152 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:56:23.0237 7152 b06bdrv - ok
01:56:23.0264 7152 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:56:23.0267 7152 b57nd60a - ok
01:56:23.0302 7152 [ 702b5e70b13b406e00f1b591f302053b ] bautpw64 C:\Windows\system32\drivers\bautpw64.sys
01:56:23.0303 7152 bautpw64 - ok
01:56:23.0412 7152 [ b5d54119ce0bb77872c33a717cb76386 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
01:56:23.0499 7152 BCM43XX - ok
01:56:23.0599 7152 [ 2e552b658273b90251e0441631de2ca3 ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
01:56:23.0602 7152 BcmSqlStartupSvc - ok
01:56:23.0627 7152 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:56:23.0628 7152 BDESVC - ok
01:56:23.0665 7152 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:56:23.0666 7152 Beep - ok
01:56:23.0700 7152 BFBackupUtilityService - ok
01:56:23.0706 7152 BFBackupUtilityVSSService - ok
01:56:23.0746 7152 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
01:56:23.0757 7152 BFE - ok
01:56:23.0800 7152 [ 3cc634f7bb138bf67bbca49ec8513f35 ] BFRD4G C:\Windows\system32\DRIVERS\BFRD4G.sys
01:56:23.0802 7152 BFRD4G - ok
01:56:23.0825 7152 [ 880b5ab95a773fe7214cb9bcd2544934 ] bftpdskc64 C:\Windows\system32\drivers\bftpdskc64.sys
01:56:23.0826 7152 bftpdskc64 - ok
01:56:23.0837 7152 [ 63f262d09c41888d5d60fd313d0203cf ] bftpusbx64 C:\Windows\system32\drivers\bftpusbx64.sys
01:56:23.0838 7152 bftpusbx64 - ok
01:56:23.0902 7152 [ 1b63f2b7ca6b5290cc124cdd07520bc9 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
01:56:23.0903 7152 BingDesktopUpdate - ok
01:56:23.0945 7152 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
01:56:23.0987 7152 BITS - ok
01:56:24.0038 7152 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:56:24.0039 7152 blbdrive - ok
01:56:24.0092 7152 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:56:24.0094 7152 bowser - ok
01:56:24.0122 7152 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:56:24.0124 7152 BrFiltLo - ok
01:56:24.0130 7152 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:56:24.0131 7152 BrFiltUp - ok
01:56:24.0159 7152 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
01:56:24.0160 7152 BridgeMP - ok
01:56:24.0197 7152 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
01:56:24.0199 7152 Browser - ok
01:56:24.0216 7152 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:56:24.0219 7152 Brserid - ok
01:56:24.0226 7152 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:56:24.0227 7152 BrSerWdm - ok
01:56:24.0234 7152 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:56:24.0235 7152 BrUsbMdm - ok
01:56:24.0242 7152 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:56:24.0243 7152 BrUsbSer - ok
01:56:24.0285 7152 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
01:56:24.0286 7152 BthEnum - ok
01:56:24.0325 7152 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:56:24.0327 7152 BTHMODEM - ok
01:56:24.0363 7152 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:56:24.0365 7152 BthPan - ok
01:56:24.0397 7152 [ 738d0e9272f59eb7a1449c3ec118e6c4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:56:24.0408 7152 BTHPORT - ok
01:56:24.0441 7152 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
01:56:24.0443 7152 bthserv - ok
01:56:24.0474 7152 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:56:24.0476 7152 BTHUSB - ok
01:56:24.0501 7152 [ 7a2ce8c1bf4daa1f2766e21e9ca11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
01:56:24.0505 7152 btwampfl - ok
01:56:24.0531 7152 [ a75bf6802a967f5aacecc3c67febdf55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
01:56:24.0533 7152 btwaudio - ok
01:56:24.0568 7152 [ d895dc213edbda5fcc53aad1f1e0e63b ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
01:56:24.0570 7152 btwavdt - ok
01:56:24.0635 7152 [ 692f8648d7686d91e34a65ac698019d8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
01:56:24.0659 7152 btwdins - ok
01:56:24.0696 7152 [ 07096d2bc22ccb6cea5a532df0be8a75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
01:56:24.0697 7152 btwl2cap - ok
01:56:24.0732 7152 [ 6d7aa2bde0135599c5f230d69db3b420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
01:56:24.0734 7152 btwrchid - ok
01:56:24.0785 7152 [ bde21a60bbf5a290a1528c05decf995f ] bufssvr C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
01:56:24.0786 7152 bufssvr - ok
01:56:24.0822 7152 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:56:24.0824 7152 cdfs - ok
01:56:24.0847 7152 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:56:24.0850 7152 cdrom - ok
01:56:24.0877 7152 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
01:56:24.0879 7152 CertPropSvc - ok
01:56:24.0893 7152 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:56:24.0894 7152 circlass - ok
01:56:24.0927 7152 [ ff60401f1c659ca2ed4bae85d3fd14da ] CISVC C:\Windows\system32\CISVC.EXE
01:56:24.0928 7152 CISVC - ok
01:56:24.0975 7152 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
01:56:24.0979 7152 CLFS - ok
01:56:25.0053 7152 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:56:25.0054 7152 clr_optimization_v2.0.50727_32 - ok
01:56:25.0095 7152 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:56:25.0097 7152 clr_optimization_v2.0.50727_64 - ok
01:56:25.0130 7152 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:56:25.0142 7152 clr_optimization_v4.0.30319_32 - ok
01:56:25.0177 7152 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:56:25.0179 7152 clr_optimization_v4.0.30319_64 - ok
01:56:25.0201 7152 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:56:25.0202 7152 CmBatt - ok
01:56:25.0226 7152 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
01:56:25.0227 7152 cmdide - ok
01:56:25.0249 7152 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
01:56:25.0253 7152 CNG - ok
01:56:25.0286 7152 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:56:25.0287 7152 Compbatt - ok
01:56:25.0316 7152 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:56:25.0318 7152 CompositeBus - ok
01:56:25.0326 7152 COMSysApp - ok
01:56:25.0351 7152 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:56:25.0352 7152 crcdisk - ok
01:56:25.0397 7152 [ d03466c36ef0e5c7694ff38b45271d9d ] Creative Media Toolbox 6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
01:56:25.0398 7152 Creative Media Toolbox 6 Licensing Service - ok
01:56:25.0419 7152 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:56:25.0422 7152 CryptSvc - ok
01:56:25.0451 7152 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:56:25.0463 7152 DcomLaunch - ok
01:56:25.0500 7152 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
01:56:25.0505 7152 defragsvc - ok
01:56:25.0536 7152 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:56:25.0538 7152 DfsC - ok
01:56:25.0552 7152 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
01:56:25.0555 7152 Dhcp - ok
01:56:25.0561 7152 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
01:56:25.0561 7152 discache - ok
01:56:25.0588 7152 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:56:25.0589 7152 Disk - ok
01:56:25.0619 7152 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:56:25.0622 7152 Dnscache - ok
01:56:25.0646 7152 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:56:25.0650 7152 dot3svc - ok
01:56:25.0674 7152 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
01:56:25.0676 7152 DPS - ok
01:56:25.0713 7152 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:56:25.0714 7152 drmkaud - ok
01:56:25.0792 7152 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:56:25.0817 7152 DXGKrnl - ok
01:56:25.0882 7152 [ d00eae9c735a7dee8049e50d73d25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
01:56:25.0884 7152 eamonm - ok
01:56:25.0908 7152 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:56:25.0910 7152 EapHost - ok
01:56:25.0994 7152 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:56:26.0061 7152 ebdrv - ok
01:56:26.0107 7152 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
01:56:26.0108 7152 EFS - ok
01:56:26.0145 7152 [ e5edde3c8158dd0cbc5812f201dcded0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
01:56:26.0147 7152 ehdrv - ok
01:56:26.0184 7152 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:56:26.0187 7152 ehRecvr - ok
01:56:26.0204 7152 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
01:56:26.0205 7152 ehSched - ok
01:56:26.0305 7152 [ ad4faade819e0da9933bea7c01d2c763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
01:56:26.0334 7152 ekrn - ok
01:56:26.0375 7152 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:56:26.0386 7152 elxstor - ok
01:56:26.0402 7152 [ 587f0f4145a1536a6e37efd769b7665f ] epfw C:\Windows\system32\DRIVERS\epfw.sys
01:56:26.0405 7152 epfw - ok
01:56:26.0432 7152 [ d2f812358ee8ee23cbb5c4daffb5b819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
01:56:26.0434 7152 EpfwLWF - ok
01:56:26.0471 7152 [ 34bf55d69ab74d14c7e7a17259cb7df8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
01:56:26.0472 7152 epfwwfp - ok
01:56:26.0484 7152 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:56:26.0485 7152 ErrDev - ok
01:56:26.0529 7152 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
01:56:26.0534 7152 EventSystem - ok
01:56:26.0558 7152 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
01:56:26.0561 7152 exfat - ok
01:56:26.0579 7152 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:56:26.0582 7152 fastfat - ok
01:56:26.0613 7152 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
01:56:26.0626 7152 Fax - ok
01:56:26.0630 7152 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:56:26.0631 7152 fdc - ok
01:56:26.0664 7152 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:56:26.0665 7152 fdPHost - ok
01:56:26.0675 7152 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:56:26.0676 7152 FDResPub - ok
01:56:26.0713 7152 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:56:26.0714 7152 FileInfo - ok
01:56:26.0729 7152 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:56:26.0730 7152 Filetrace - ok
01:56:26.0753 7152 [ f76d04f7413b07daa029f6520b64b4e8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:56:26.0765 7152 FLEXnet Licensing Service - ok
01:56:26.0769 7152 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:56:26.0770 7152 flpydisk - ok
01:56:26.0811 7152 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:56:26.0814 7152 FltMgr - ok
01:56:26.0866 7152 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
01:56:26.0892 7152 FontCache - ok
01:56:26.0941 7152 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:56:26.0942 7152 FontCache3.0.0.0 - ok
01:56:26.0957 7152 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:56:26.0959 7152 FsDepends - ok
01:56:26.0977 7152 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:56:26.0978 7152 Fs_Rec - ok
01:56:27.0003 7152 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:56:27.0006 7152 fvevol - ok
01:56:27.0018 7152 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:56:27.0020 7152 gagp30kx - ok
01:56:27.0055 7152 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
01:56:27.0071 7152 gpsvc - ok
01:56:27.0129 7152 [ 506708142bc63daba64f2d3ad1dcd5bf ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:56:27.0129 7152 gupdate - ok
01:56:27.0133 7152 [ 506708142bc63daba64f2d3ad1dcd5bf ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:56:27.0135 7152 gupdatem - ok
01:56:27.0140 7152 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:56:27.0141 7152 hcw85cir - ok
01:56:27.0167 7152 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:56:27.0171 7152 HdAudAddService - ok
01:56:27.0205 7152 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:56:27.0207 7152 HDAudBus - ok
01:56:27.0232 7152 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
01:56:27.0233 7152 HECIx64 - ok
01:56:27.0238 7152 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:56:27.0239 7152 HidBatt - ok
01:56:27.0270 7152 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:56:27.0272 7152 HidBth - ok
01:56:27.0286 7152 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:56:27.0288 7152 HidIr - ok
01:56:27.0302 7152 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
01:56:27.0304 7152 hidserv - ok
01:56:27.0328 7152 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:56:27.0329 7152 HidUsb - ok


PART TWO:
01:56:27.0352 7152 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:56:27.0355 7152 hkmsvc - ok
01:56:27.0379 7152 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:56:27.0383 7152 HomeGroupListener - ok
01:56:27.0407 7152 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:56:27.0411 7152 HomeGroupProvider - ok
01:56:27.0474 7152 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
01:56:27.0476 7152 HP Support Assistant Service - ok
01:56:27.0516 7152 [ b19ff523b533a3f198b9239e1749c940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
01:56:27.0518 7152 HPDrvMntSvc.exe - ok
01:56:27.0552 7152 [ 4e0bec0f78096ffd6d3314b497fc49d3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
01:56:27.0553 7152 hpdskflt - ok
01:56:27.0598 7152 [ 01091b900e15878b4434f9c726c4541d ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
01:56:27.0623 7152 hpqwmiex - ok
01:56:27.0659 7152 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
01:56:27.0661 7152 HpSAMD - ok
01:56:27.0677 7152 [ fc7c13b5a9e9be23b7ae72bbc7fdb278 ] hpsrv C:\Windows\system32\Hpservice.exe
01:56:27.0679 7152 hpsrv - ok
01:56:27.0705 7152 [ 491ce9b6321fb74e4b37af2c47f98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
01:56:27.0706 7152 HPWMISVC - ok
01:56:27.0747 7152 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:56:27.0758 7152 HTTP - ok
01:56:27.0776 7152 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:56:27.0777 7152 hwpolicy - ok
01:56:27.0802 7152 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:56:27.0803 7152 i8042prt - ok
01:56:27.0835 7152 [ 5e60dd5f090ab4a563c7204c289c4650 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
01:56:27.0838 7152 iaStor - ok
01:56:27.0876 7152 [ 3aa361a727be3b01b6b909eefd26788a ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
01:56:27.0877 7152 IAStorDataMgrSvc - ok
01:56:27.0900 7152 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
01:56:27.0904 7152 iaStorV - ok
01:56:27.0981 7152 [ daf66902f08796f9c694901660e5a64a ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
01:56:27.0983 7152 IDriverT - ok
01:56:28.0014 7152 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:56:28.0030 7152 idsvc - ok
01:56:28.0244 7152 [ 1be8d9ca4f2363b8e8015621878e0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
01:56:28.0454 7152 igfx - ok
01:56:28.0487 7152 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:56:28.0489 7152 iirsp - ok
01:56:28.0524 7152 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
01:56:28.0539 7152 IKEEXT - ok
01:56:28.0570 7152 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
01:56:28.0572 7152 Impcd - ok
01:56:28.0586 7152 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
01:56:28.0587 7152 intelide - ok
01:56:28.0791 7152 [ 1be8d9ca4f2363b8e8015621878e0043 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
01:56:28.0972 7152 intelkmd - ok
01:56:29.0002 7152 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:56:29.0003 7152 intelppm - ok
01:56:29.0051 7152 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:56:29.0053 7152 IPBusEnum - ok
01:56:29.0079 7152 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:56:29.0080 7152 IpFilterDriver - ok
01:56:29.0109 7152 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:56:29.0122 7152 iphlpsvc - ok
01:56:29.0151 7152 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:56:29.0153 7152 IPMIDRV - ok
01:56:29.0167 7152 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:56:29.0169 7152 IPNAT - ok
01:56:29.0179 7152 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:56:29.0180 7152 IRENUM - ok
01:56:29.0195 7152 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
01:56:29.0196 7152 isapnp - ok
01:56:29.0215 7152 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:56:29.0218 7152 iScsiPrt - ok
01:56:29.0249 7152 [ c2edee04b348b06a9e1da1521a33c1bc ] Jukebox3_x64 C:\Windows\system32\DRIVERS\ctpdusbx.sys
01:56:29.0250 7152 Jukebox3_x64 - ok
01:56:29.0293 7152 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:56:29.0295 7152 kbdclass - ok
01:56:29.0310 7152 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:56:29.0311 7152 kbdhid - ok
01:56:29.0326 7152 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
01:56:29.0328 7152 KeyIso - ok
01:56:29.0369 7152 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:56:29.0371 7152 KSecDD - ok
01:56:29.0395 7152 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:56:29.0398 7152 KSecPkg - ok
01:56:29.0408 7152 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:56:29.0409 7152 ksthunk - ok
01:56:29.0437 7152 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
01:56:29.0442 7152 KtmRm - ok
01:56:29.0461 7152 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
01:56:29.0465 7152 LanmanServer - ok
01:56:29.0487 7152 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:56:29.0491 7152 LanmanWorkstation - ok
01:56:29.0529 7152 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:56:29.0531 7152 lltdio - ok
01:56:29.0559 7152 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:56:29.0565 7152 lltdsvc - ok
01:56:29.0578 7152 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:56:29.0579 7152 lmhosts - ok
01:56:29.0597 7152 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:56:29.0599 7152 LSI_FC - ok
01:56:29.0604 7152 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:56:29.0606 7152 LSI_SAS - ok
01:56:29.0611 7152 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:56:29.0613 7152 LSI_SAS2 - ok
01:56:29.0620 7152 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:56:29.0622 7152 LSI_SCSI - ok
01:56:29.0638 7152 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
01:56:29.0639 7152 luafv - ok
01:56:29.0676 7152 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:56:29.0677 7152 MBAMProtector - ok
01:56:29.0736 7152 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:56:29.0748 7152 MBAMService - ok
01:56:29.0780 7152 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:56:29.0782 7152 Mcx2Svc - ok
01:56:29.0787 7152 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:56:29.0788 7152 megasas - ok
01:56:29.0806 7152 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:56:29.0809 7152 MegaSR - ok
01:56:29.0838 7152 Microsoft SharePoint Workspace Audit Service - ok
01:56:29.0851 7152 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
01:56:29.0853 7152 MMCSS - ok
01:56:29.0866 7152 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:56:29.0867 7152 Modem - ok
01:56:29.0897 7152 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:56:29.0898 7152 monitor - ok
01:56:29.0923 7152 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:56:29.0924 7152 mouclass - ok
01:56:29.0932 7152 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:56:29.0933 7152 mouhid - ok
01:56:29.0965 7152 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:56:29.0967 7152 mountmgr - ok
01:56:29.0986 7152 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
01:56:29.0988 7152 mpio - ok
01:56:30.0000 7152 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:56:30.0002 7152 mpsdrv - ok
01:56:30.0042 7152 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:56:30.0055 7152 MpsSvc - ok
01:56:30.0080 7152 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:56:30.0083 7152 MRxDAV - ok
01:56:30.0116 7152 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:56:30.0119 7152 mrxsmb - ok
01:56:30.0148 7152 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:56:30.0151 7152 mrxsmb10 - ok
01:56:30.0174 7152 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:56:30.0176 7152 mrxsmb20 - ok
01:56:30.0202 7152 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:56:30.0203 7152 msahci - ok
01:56:30.0229 7152 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
01:56:30.0231 7152 msdsm - ok
01:56:30.0249 7152 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
01:56:30.0252 7152 MSDTC - ok
01:56:30.0270 7152 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:56:30.0272 7152 Msfs - ok
01:56:30.0287 7152 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:56:30.0288 7152 mshidkmdf - ok
01:56:30.0303 7152 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:56:30.0304 7152 msisadrv - ok
01:56:30.0329 7152 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:56:30.0331 7152 MSiSCSI - ok
01:56:30.0339 7152 msiserver - ok
01:56:30.0374 7152 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:56:30.0376 7152 MSKSSRV - ok
01:56:30.0406 7152 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:56:30.0407 7152 MSPCLOCK - ok
01:56:30.0420 7152 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:56:30.0421 7152 MSPQM - ok
01:56:30.0445 7152 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:56:30.0449 7152 MsRPC - ok
01:56:30.0460 7152 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:56:30.0461 7152 mssmbios - ok
01:56:30.0529 7152 MSSQL$MSSMLBIZ - ok
01:56:30.0604 7152 [ f1761c8fb2b25a32c6d63e36bb88c3ae ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
01:56:30.0605 7152 MSSQLServerADHelper100 - ok
01:56:30.0617 7152 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:56:30.0618 7152 MSTEE - ok
01:56:30.0633 7152 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:56:30.0634 7152 MTConfig - ok
01:56:30.0652 7152 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:56:30.0654 7152 Mup - ok
01:56:30.0686 7152 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
01:56:30.0700 7152 napagent - ok
01:56:30.0739 7152 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:56:30.0743 7152 NativeWifiP - ok
01:56:30.0823 7152 [ 934bb0d23a25c8c136570800a5a149b6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
01:56:30.0835 7152 NAUpdate - ok
01:56:30.0860 7152 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
01:56:30.0885 7152 NDIS - ok
01:56:30.0909 7152 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:56:30.0910 7152 NdisCap - ok
01:56:30.0921 7152 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:56:30.0922 7152 NdisTapi - ok
01:56:30.0951 7152 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:56:30.0952 7152 Ndisuio - ok
01:56:30.0980 7152 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:56:30.0982 7152 NdisWan - ok
01:56:31.0007 7152 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:56:31.0008 7152 NDProxy - ok
01:56:31.0025 7152 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:56:31.0026 7152 NetBIOS - ok
01:56:31.0039 7152 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:56:31.0042 7152 NetBT - ok
01:56:31.0057 7152 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
01:56:31.0058 7152 Netlogon - ok
01:56:31.0082 7152 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
01:56:31.0087 7152 Netman - ok
01:56:31.0131 7152 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
01:56:31.0136 7152 netprofm - ok
01:56:31.0162 7152 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:56:31.0163 7152 NetTcpPortSharing - ok
01:56:31.0174 7152 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:56:31.0176 7152 nfrd960 - ok
01:56:31.0203 7152 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:56:31.0206 7152 NlaSvc - ok


PART THREE:

01:56:31.0215 7152 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:56:31.0216 7152 Npfs - ok
01:56:31.0243 7152 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:56:31.0245 7152 nsi - ok
01:56:31.0253 7152 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:56:31.0254 7152 nsiproxy - ok
01:56:31.0304 7152 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:56:31.0338 7152 Ntfs - ok
01:56:31.0352 7152 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
01:56:31.0353 7152 Null - ok
01:56:31.0378 7152 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
01:56:31.0380 7152 nvraid - ok
01:56:31.0399 7152 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
01:56:31.0402 7152 nvstor - ok
01:56:31.0430 7152 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:56:31.0432 7152 nv_agp - ok
01:56:31.0449 7152 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:56:31.0451 7152 ohci1394 - ok
01:56:31.0488 7152 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:56:31.0490 7152 ose - ok
01:56:31.0604 7152 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:56:31.0628 7152 osppsvc - ok
01:56:31.0661 7152 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:56:31.0665 7152 p2pimsvc - ok
01:56:31.0683 7152 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:56:31.0695 7152 p2psvc - ok
01:56:31.0715 7152 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:56:31.0716 7152 Parport - ok
01:56:31.0749 7152 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:56:31.0750 7152 partmgr - ok
01:56:31.0762 7152 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:56:31.0766 7152 PcaSvc - ok
01:56:31.0795 7152 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
01:56:31.0797 7152 pci - ok
01:56:31.0814 7152 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
01:56:31.0815 7152 pciide - ok
01:56:31.0828 7152 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:56:31.0831 7152 pcmcia - ok
01:56:31.0864 7152 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:56:31.0865 7152 pcw - ok
01:56:31.0882 7152 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:56:31.0894 7152 PEAUTH - ok
01:56:31.0959 7152 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:56:31.0960 7152 PerfHost - ok
01:56:32.0003 7152 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
01:56:32.0028 7152 pla - ok
01:56:32.0072 7152 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:56:32.0077 7152 PlugPlay - ok
01:56:32.0090 7152 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:56:32.0091 7152 PNRPAutoReg - ok
01:56:32.0110 7152 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:56:32.0113 7152 PNRPsvc - ok
01:56:32.0144 7152 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:56:32.0157 7152 PolicyAgent - ok
01:56:32.0185 7152 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
01:56:32.0188 7152 Power - ok
01:56:32.0214 7152 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:56:32.0215 7152 PptpMiniport - ok
01:56:32.0237 7152 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:56:32.0239 7152 Processor - ok
01:56:32.0268 7152 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:56:32.0272 7152 ProfSvc - ok
01:56:32.0280 7152 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:56:32.0281 7152 ProtectedStorage - ok
01:56:32.0323 7152 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:56:32.0325 7152 Psched - ok
01:56:32.0364 7152 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:56:32.0398 7152 ql2300 - ok
01:56:32.0406 7152 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:56:32.0408 7152 ql40xx - ok
01:56:32.0423 7152 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
01:56:32.0427 7152 QWAVE - ok
01:56:32.0442 7152 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:56:32.0443 7152 QWAVEdrv - ok
01:56:32.0448 7152 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:56:32.0449 7152 RasAcd - ok
01:56:32.0479 7152 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:56:32.0480 7152 RasAgileVpn - ok
01:56:32.0497 7152 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
01:56:32.0500 7152 RasAuto - ok
01:56:32.0518 7152 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:56:32.0520 7152 Rasl2tp - ok
01:56:32.0548 7152 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
01:56:32.0553 7152 RasMan - ok
01:56:32.0568 7152 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:56:32.0570 7152 RasPppoe - ok
01:56:32.0579 7152 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:56:32.0581 7152 RasSstp - ok
01:56:32.0611 7152 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:56:32.0615 7152 rdbss - ok
01:56:32.0629 7152 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:56:32.0631 7152 rdpbus - ok
01:56:32.0648 7152 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:56:32.0649 7152 RDPCDD - ok
01:56:32.0658 7152 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:56:32.0659 7152 RDPENCDD - ok
01:56:32.0668 7152 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:56:32.0669 7152 RDPREFMP - ok
01:56:32.0693 7152 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:56:32.0696 7152 RDPWD - ok
01:56:32.0733 7152 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:56:32.0735 7152 rdyboost - ok
01:56:32.0768 7152 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:56:32.0771 7152 RemoteAccess - ok
01:56:32.0788 7152 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:56:32.0791 7152 RemoteRegistry - ok
01:56:32.0833 7152 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:56:32.0836 7152 RFCOMM - ok
01:56:32.0860 7152 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:56:32.0862 7152 RpcEptMapper - ok
01:56:32.0889 7152 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
01:56:32.0890 7152 RpcLocator - ok
01:56:32.0914 7152 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
01:56:32.0917 7152 RpcSs - ok
01:56:32.0949 7152 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:56:32.0951 7152 rspndr - ok
01:56:32.0977 7152 [ 6074829c74c5c72ab65ad2cee9c1bb47 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:56:32.0981 7152 RTL8167 - ok
01:56:33.0004 7152 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
01:56:33.0005 7152 SamSs - ok
01:56:33.0032 7152 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
01:56:33.0034 7152 sbp2port - ok
01:56:33.0136 7152 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
01:56:33.0161 7152 SBSDWSCService - ok
01:56:33.0199 7152 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:56:33.0202 7152 SCardSvr - ok
01:56:33.0226 7152 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:56:33.0227 7152 scfilter - ok
01:56:33.0269 7152 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
01:56:33.0295 7152 Schedule - ok
01:56:33.0322 7152 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
01:56:33.0323 7152 SCPolicySvc - ok
01:56:33.0340 7152 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:56:33.0343 7152 SDRSVC - ok
01:56:33.0382 7152 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:56:33.0383 7152 secdrv - ok
01:56:33.0400 7152 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
01:56:33.0402 7152 seclogon - ok
01:56:33.0417 7152 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
01:56:33.0420 7152 SENS - ok
01:56:33.0430 7152 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:56:33.0432 7152 SensrSvc - ok
01:56:33.0448 7152 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:56:33.0449 7152 Serenum - ok
01:56:33.0459 7152 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:56:33.0461 7152 Serial - ok
01:56:33.0481 7152 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:56:33.0482 7152 sermouse - ok
01:56:33.0517 7152 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:56:33.0520 7152 SessionEnv - ok
01:56:33.0550 7152 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:56:33.0551 7152 sffdisk - ok
01:56:33.0563 7152 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:56:33.0565 7152 sffp_mmc - ok
01:56:33.0581 7152 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:56:33.0582 7152 sffp_sd - ok
01:56:33.0587 7152 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:56:33.0588 7152 sfloppy - ok
01:56:33.0632 7152 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:56:33.0636 7152 SharedAccess - ok
01:56:33.0680 7152 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:56:33.0685 7152 ShellHWDetection - ok
01:56:33.0689 7152 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:56:33.0690 7152 SiSRaid2 - ok
01:56:33.0706 7152 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:56:33.0708 7152 SiSRaid4 - ok
01:56:33.0713 7152 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:56:33.0714 7152 Smb - ok
01:56:33.0728 7152 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:56:33.0730 7152 SNMPTRAP - ok
01:56:33.0741 7152 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:56:33.0742 7152 spldr - ok
01:56:33.0817 7152 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:56:33.0830 7152 Spooler - ok
01:56:33.0912 7152 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
01:56:33.0980 7152 sppsvc - ok
01:56:33.0994 7152 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:56:33.0996 7152 sppuinotify - ok
01:56:34.0028 7152 [ a892134c28777978ecde8283dc57ac0f ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
01:56:34.0030 7152 SQLAgent$MSSMLBIZ - ok
01:56:34.0076 7152 [ 10d936dced9eacd1a1b3fcdda6d7a4eb ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01:56:34.0078 7152 SQLBrowser - ok
01:56:34.0121 7152 [ f92e5f93be572b512da3c016b675ede0 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01:56:34.0124 7152 SQLWriter - ok
01:56:34.0159 7152 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
01:56:34.0164 7152 srv - ok
01:56:34.0187 7152 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:56:34.0192 7152 srv2 - ok
01:56:34.0207 7152 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:56:34.0209 7152 srvnet - ok
01:56:34.0225 7152 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:56:34.0229 7152 SSDPSRV - ok
01:56:34.0250 7152 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:56:34.0253 7152 SstpSvc - ok
01:56:34.0274 7152 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:56:34.0276 7152 stexstor - ok
01:56:34.0311 7152 [ 936a4d05f7a790b8aab3b6be61651e0e ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
01:56:34.0316 7152 STHDA - ok
01:56:34.0343 7152 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
01:56:34.0355 7152 stisvc - ok
01:56:34.0383 7152 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
01:56:34.0384 7152 swenum - ok
01:56:34.0446 7152 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:56:34.0458 7152 SwitchBoard - ok
01:56:34.0480 7152 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
01:56:34.0495 7152 swprv - ok
01:56:34.0543 7152 [ ac3cc98b1bdb6540021d3ffb105ac2b9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
01:56:34.0548 7152 SynTP - ok
01:56:34.0594 7152 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
01:56:34.0628 7152 SysMain - ok
01:56:34.0647 7152 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:56:34.0650 7152 TabletInputService - ok
01:56:34.0664 7152 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:56:34.0669 7152 TapiSrv - ok
01:56:34.0683 7152 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
01:56:34.0685 7152 TBS - ok
01:56:34.0756 7152 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:56:34.0790 7152 Tcpip - ok
01:56:34.0826 7152 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:56:34.0835 7152 TCPIP6 - ok
01:56:34.0866 7152 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:56:34.0867 7152 tcpipreg - ok
01:56:34.0901 7152 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:56:38.0219 7152 ============================================================
01:56:38.0219 7152 Scan finished
01:56:38.0219 7152 ============================================================
01:56:38.0229 7072 Detected object count: 0
01:56:38.0229 7072 Actual detected object count: 0
02:01:33.0963 7044 Deinitialize success



Continue Next post.....

#13 TCKW

Posted 19 August 2012 - 11:03 PM

Now this is regarding the aswMBR thing - same as with the TDSS d/l, I did d/l the s/w in a couple of attempts. The failed attempts to d/l this aswMBR and the earlier TDSS d/l were like this: when the choices of open, save, cancel appeared in a long rect dialog box running along the bottom from the left to right of the screen, I clicked save but it did NOT WORK, as in 'the security settings of your computer do not allow you to download'. I retried (did the same for TDSS on the 1st attempt), AND it went through, so I saved it on my external drive, from where I clicked to run. Before that, however, a small dialog appeared, something like 'Windows is Protecting you ......' Still I clicked run, AND BRAVO, it ran the scanning.

The scan dialog is about half screen size, black in colour. After almost a couple of minutes, it detected something appearing in RED, like in C root windows, folder, a "hidden" trusted service installer.... It scanned further BUT got stuck while scanning Flexnet; for about a whole 8 minutes it still DID not move, when I thought I could possibly have finished, so I clicked the save log. BUT a dialog appeared from the usual system function to indicate that this program has stopped, asking me to close, or asking the Windows system to find a solution etc etc. I closed it, AND it disappeared. I cannot find the log, even though I thought it was half completed.

Shall I retry the scan a SECOND time? Ok, I will rescan. But I had saved the aswMBR on the external drive.

NEXT - this, I THOUGHT, may give u a USEFUL peek into the background. Some 4 weeks ago, there was a peculiar behaviour in my computer. But it was not so deviant that I really wanted to pay attention, which is why I indicated it as a suspicious lurking of Windows Command Processor initially. IT WENT on and off, not too noticeable, UNTIL about 5-8 days AGO.

MY GOD - this minor strange behaviour EXPLODED. Very sharp differences occurred, till I did MANY things to troubleshoot. What happened while troubleshooting: I discovered (One), my ESET daily auto updates were not as usual, (Two), my email inboxes' loading got stuck immediately after logging in, and this happened in both my gmail and yahoo accounts, (Three), my OS Windows Firewall WAS TURNED off with no rhyme or REASON, (Four), ALMOST all of my IE security settings were haywire, ALL set to LOW protection VALUES, the pop-up blocker WAS turned off, and there was one pop-up manager that was 'ALLOWed' - etc etc.

So this definitely was a Malicious Tsunami in my layman's view.


Now I will try to rescan with the aswMBR - see if there's any result to post - if you remember, I said earlier the scan was stuck.

#14 TCKW

Posted 20 August 2012 - 12:34 AM

Hi there. This is on the aswMBR scans. Let me recap a bit, as I believe there might be a bit too much info for you to digest. Just a repetition, if you won't mind: all of the d/ls were done on a second attempt, when I was warned on the screen after d/l that my computer security settings do not allow d/l, and on the second attempt it was no different in that I clicked save.

And also, I may be repeating: when I clicked to open the TDSS and this aswMBR, the dialog showed that Windows prevented this type of file from being opened; upon clicking the cross X, it still allowed me to click and open it.

Ok, the TDSS log u have. These below are the 3 logs of the aswMBR scans. There is no log for the first scan, which was done on my WIN OS in normal mode. What occurred was, when I 2-clicked to open, the aswMBR updated some definitions, then proceeded. As I said, after some minutes it got stuck (sorry, NOW I realise it was not stuck, it was in progress). After it got 'stuck', I did not click any fix or other things, except merely to save a log, but the screen said the s/w stopped working and gave me options to close or ask Windows to find solutions. BUT I SAW there WAS one scanned result IN RED, like 'C, Windows, service trusted installer', with *Hidden* at the end of the line.

OK, below is the next log, in safe mode but without networking, but I believe it is only partial as I said it got stuck. Here -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:19:25
-----------------------------
12:19:25.007 OS Version: Windows x64 6.1.7601 Service Pack 1
12:19:25.007 Number of processors: 4 586 0x2505
12:19:25.007 ComputerName: TERENCEHPENVY14 UserName: Terence
12:19:25.350 Initialize success
12:19:33.384 AVAST engine defs: 12081900
12:19:42.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:19:42.151 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
12:19:42.151 Disk 0 MBR read successfully
12:19:42.151 Disk 0 MBR scan
12:19:42.182 Disk 0 Windows 7 default MBR code
12:19:42.182 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:19:42.198 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110200 MB offset 206848
12:19:42.213 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 95000 MB offset 225896448
12:19:42.229 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99943 MB offset 420456448
12:19:42.276 Disk 0 scanning C:\Windows\system32\drivers
12:19:50.185 Service scanning
12:20:11.261 Modules scanning
12:20:11.261 Disk 0 trace - called modules:
12:20:11.292 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
12:20:11.292 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005957060]
12:20:11.323 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80057fcb10]
12:20:11.323 5 hpdskflt.sys[fffff88001baf189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004946050]
12:20:12.165 AVAST engine scan C:\Windows
12:20:14.474 AVAST engine scan C:\Windows\system32
12:22:27.792 AVAST engine scan C:\Windows\system32\drivers
12:22:36.247 AVAST engine scan C:\Users\Terence
12:25:44.711 AVAST engine scan C:\ProgramData
12:29:19.539 Disk 0 MBR has been saved successfully to "C:\Users\Terence\Documents\MBR.dat"
12:29:19.539 The log file has been saved successfully to "C:\Users\Terence\Documents\aswMBR.txt"

HERE is the first of TWO 'full scans' done in safe mode with networking, when I allowed the 'stuck' scan to continue to finish, that is, the whole scan ended. BUT the RED scanned Detection is GONE! Here below -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:35:15
-----------------------------
12:35:15.423 OS Version: Windows x64 6.1.7601 Service Pack 1
12:35:15.423 Number of processors: 4 586 0x2505
12:35:15.423 ComputerName: TERENCEHPENVY14 UserName: Terence
12:35:15.766 Initialize success
12:35:23.847 AVAST engine defs: 12081900
12:35:33.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:35:33.581 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
12:35:33.581 Disk 0 MBR read successfully
12:35:33.581 Disk 0 MBR scan
12:35:33.597 Disk 0 Windows 7 default MBR code
12:35:33.597 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:35:33.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110200 MB offset 206848
12:35:33.628 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 95000 MB offset 225896448
12:35:33.675 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99943 MB offset 420456448
12:35:33.737 Disk 0 scanning C:\Windows\system32\drivers
12:35:41.412 Service scanning
12:36:03.003 Modules scanning
12:36:03.003 Disk 0 trace - called modules:
12:36:03.034 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
12:36:03.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bea060]
12:36:03.034 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004a8bb10]
12:36:03.050 5 hpdskflt.sys[fffff88001b90189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004939050]
12:36:03.986 AVAST engine scan C:\Windows
12:36:06.575 AVAST engine scan C:\Windows\system32
12:38:17.740 AVAST engine scan C:\Windows\system32\drivers
12:38:26.008 AVAST engine scan C:\Users\Terence
12:43:07.979 AVAST engine scan C:\ProgramData
12:53:57.158 Scan finished successfully
12:54:35.612 Disk 0 MBR has been saved successfully to "C:\Users\Terence\Documents\MBR.dat"
12:54:35.612 The log file has been saved successfully to "C:\Users\Terence\Documents\aswMBR second.txt"


Here below is the second of the two full scans, also done in safe mode with networking. AGAIN, the RED scanned DETECTION is gone. The results below should be the same as the preceding scan above. Here -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:55:28
-----------------------------
12:55:28.387 OS Version: Windows x64 6.1.7601 Service Pack 1
12:55:28.387 Number of processors: 4 586 0x2505
12:55:28.387 ComputerName: TERENCEHPENVY14 UserName: Terence
12:55:28.965 Initialize success
12:55:33.863 AVAST engine defs: 12081900
12:55:38.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:55:38.543 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
12:55:38.559 Disk 0 MBR read successfully
12:55:38.559 Disk 0 MBR scan
12:55:38.559 Disk 0 Windows 7 default MBR code
12:55:38.590 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:55:38.605 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110200 MB offset 206848
12:55:38.637 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 95000 MB offset 225896448
12:55:38.652 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99943 MB offset 420456448
12:55:38.715 Disk 0 scanning C:\Windows\system32\drivers
12:55:46.421 Service scanning
12:56:06.919 Modules scanning
12:56:06.919 Disk 0 trace - called modules:
12:56:06.951 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
12:56:06.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bea060]
12:56:06.966 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004a8bb10]
12:56:06.966 5 hpdskflt.sys[fffff88001b90189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004939050]
12:56:08.136 AVAST engine scan C:\Windows
12:56:13.003 AVAST engine scan C:\Windows\system32
12:58:21.532 AVAST engine scan C:\Windows\system32\drivers
12:58:29.800 AVAST engine scan C:\Users\Terence
13:01:10.652 AVAST engine scan C:\ProgramData
13:10:57.993 Scan finished successfully
13:11:55.448 Disk 0 MBR has been saved successfully to "C:\Users\Terence\Documents\MBR.dat"
13:11:55.463 The log file has been saved successfully to "C:\Users\Terence\Documents\aswMBR third.txt"








#15 TCKW

Posted 20 August 2012 - 06:59 AM

Hi, I might need to apologise for the probable mess here, due to the difficulty in getting to d/l the required programs you called for, and even then, if I managed to d/l, the computer system blocked me from opening them - I am at a loss how to get around this.

I did an IE9 'reset' to all default values - and managed to d/l the dds, BUT not the screen 317. Sorry again, the first dds scan was done before I halted my ESET and Win Firewall. Thereafter, having done so, I scanned another time, so you can see 2 dds logs:

First DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Terence at 19:26:52 on 2012-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3350.1803 [GMT 8:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Windows\SysWOW64\CPdeSrvU.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://news.google.com/
mWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [SkyDrive] "C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
StartupFolder: C:\Users\Terence\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\BFRD4G\BRDUtilTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~2.LNK - C:\Program Files (x86)\BUFFALO\BFRD4G\BRDUtil.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: avast.com\public
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: infospyware.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\35471627865726 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\544656E605F696E647 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\65964716C634F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\75962756C6563737043574 : DhcpNameServer = 10.138.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun-x64: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
mRun-x64: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\Windows\system32\DRIVERS\BFRD4G.sys --> C:\Windows\system32\DRIVERS\BFRD4G.sys [?]
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\system32\drivers\bftpdskc64.sys --> C:\Windows\system32\drivers\bftpdskc64.sys [?]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2011-11-7 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2010-3-12 90112]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-7 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-18 655944]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-7 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\system32\drivers\bautpw64.sys --> C:\Windows\system32\drivers\bautpw64.sys [?]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\system32\drivers\bftpusbx64.sys --> C:\Windows\system32\drivers\bftpusbx64.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-6-24 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 116648]
S3 Jukebox3_x64;Jukebox3_x64;C:\Windows\system32\DRIVERS\ctpdusbx.sys --> C:\Windows\system32\DRIVERS\ctpdusbx.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-08-16 02:08:19 -------- dc----w- C:\Downloads
2012-08-15 01:50:50 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 01:44:45 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 01:44:45 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 01:44:45 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 01:44:45 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 01:44:43 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 01:44:43 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 01:44:43 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 01:44:42 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 01:44:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 01:44:42 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 01:44:41 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 09:22:19 -------- dc----w- C:\Program Files\Eraser
2012-08-14 04:15:49 -------- dc----w- C:\android-sdk
2012-08-14 02:24:11 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-14 02:24:11 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-13 06:33:18 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-13 05:22:16 -------- d-----w- C:\Program Files (x86)\Nero
2012-08-12 16:05:10 -------- d-----w- C:\Users\Terence\AppData\Roaming\Imagic507N
2012-08-12 16:03:34 98304 ------w- C:\Windows\SysWow64\l3codecx.ax
2012-08-12 08:25:38 -------- dc----w- C:\Terence
2012-08-12 07:44:25 -------- d-----w- C:\Users\Terence\SyncUP
2012-08-12 07:43:26 -------- d-----w- C:\Users\Terence\AppData\Local\Nero_AG
2012-08-12 07:43:24 -------- d-----w- C:\Users\Terence\AppData\Roaming\Dell
2012-08-12 07:43:00 -------- d-----w- C:\Users\Terence\AppData\Local\Nero
2012-08-12 07:33:25 -------- d-----w- C:\ProgramData\Nero
2012-08-12 07:32:29 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-08-12 07:32:04 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-08-12 07:31:42 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-08-12 07:31:13 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-08-12 07:30:50 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-08-12 06:08:53 -------- dc----w- C:\adb
2012-08-11 18:37:21 -------- d-----w- C:\Users\Terence\AppData\Local\Apple
2012-08-06 16:25:32 -------- d-----w- C:\Users\Terence\.android
2012-08-06 16:25:13 -------- d-----w- C:\Users\Terence\AppData\Local\Android
2012-07-31 01:34:02 -------- d-sh--w- C:\found.000
2012-07-27 01:59:04 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-07-22 13:02:47 -------- d-----w- C:\Users\Terence\AppData\Roaming\addpcs
2012-07-22 06:31:27 -------- dc----w- C:\_OTL
.
==================== Find3M ====================
.
2012-08-15 07:57:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:57:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-13 06:32:32 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-13 06:32:32 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-18 02:27:42 116016 ----a-w- C:\Windows\System32\drivers\41255614.sys
2012-07-03 05:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 10:10:03 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-06 00:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-09 04:01:34 446464 -c--a-w- C:\Program Files\TFC.exe
2010-07-04 14:34:10 388608 -c--a-w- C:\Program Files\HijackThis204.exe
.
============= FINISH: 19:30:31.33 ===============


Second DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Terence at 19:31:57 on 2012-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3350.1652 [GMT 8:00]
.
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Windows\SysWOW64\CPdeSrvU.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://news.google.com/
mWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [SkyDrive] "C:\Users\Terence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
StartupFolder: C:\Users\Terence\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\BFRD4G\BRDUtilTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~2.LNK - C:\Program Files (x86)\BUFFALO\BFRD4G\BRDUtil.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: avast.com\public
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: infospyware.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\35471627865726 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\544656E605F696E647 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\65964716C634F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A74EFE91-DBFC-4363-BC1B-5D8F23334796}\75962756C6563737043574 : DhcpNameServer = 10.138.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun-x64: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
mRun-x64: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\Windows\system32\DRIVERS\BFRD4G.sys --> C:\Windows\system32\DRIVERS\BFRD4G.sys [?]
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\system32\drivers\bftpdskc64.sys --> C:\Windows\system32\drivers\bftpdskc64.sys [?]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2011-11-7 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2010-3-12 90112]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-7 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-18 655944]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-7 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\system32\drivers\bautpw64.sys --> C:\Windows\system32\drivers\bautpw64.sys [?]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\system32\drivers\bftpusbx64.sys --> C:\Windows\system32\drivers\bftpusbx64.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-6-24 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-1 116648]
S3 Jukebox3_x64;Jukebox3_x64;C:\Windows\system32\DRIVERS\ctpdusbx.sys --> C:\Windows\system32\DRIVERS\ctpdusbx.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-08-16 02:08:19 -------- dc----w- C:\Downloads
2012-08-15 01:50:50 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 01:44:45 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 01:44:45 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 01:44:45 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 01:44:45 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 01:44:43 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 01:44:43 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 01:44:43 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 01:44:42 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 01:44:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 01:44:42 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 01:44:41 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 09:22:19 -------- dc----w- C:\Program Files\Eraser
2012-08-14 04:15:49 -------- dc----w- C:\android-sdk
2012-08-14 02:24:11 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-14 02:24:11 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-13 06:33:18 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-13 05:22:16 -------- d-----w- C:\Program Files (x86)\Nero
2012-08-12 16:05:10 -------- d-----w- C:\Users\Terence\AppData\Roaming\Imagic507N
2012-08-12 16:03:34 98304 ------w- C:\Windows\SysWow64\l3codecx.ax
2012-08-12 08:25:38 -------- dc----w- C:\Terence
2012-08-12 07:44:25 -------- d-----w- C:\Users\Terence\SyncUP
2012-08-12 07:43:26 -------- d-----w- C:\Users\Terence\AppData\Local\Nero_AG
2012-08-12 07:43:24 -------- d-----w- C:\Users\Terence\AppData\Roaming\Dell
2012-08-12 07:43:00 -------- d-----w- C:\Users\Terence\AppData\Local\Nero
2012-08-12 07:33:25 -------- d-----w- C:\ProgramData\Nero
2012-08-12 07:32:29 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-08-12 07:32:04 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-08-12 07:31:42 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-08-12 07:31:13 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-08-12 07:30:50 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-08-12 06:08:53 -------- dc----w- C:\adb
2012-08-11 18:37:21 -------- d-----w- C:\Users\Terence\AppData\Local\Apple
2012-08-06 16:25:32 -------- d-----w- C:\Users\Terence\.android
2012-08-06 16:25:13 -------- d-----w- C:\Users\Terence\AppData\Local\Android
2012-07-31 01:34:02 -------- d-sh--w- C:\found.000
2012-07-27 01:59:04 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-07-22 13:02:47 -------- d-----w- C:\Users\Terence\AppData\Roaming\addpcs
2012-07-22 06:31:27 -------- dc----w- C:\_OTL
.
==================== Find3M ====================
.
2012-08-15 07:57:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:57:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-13 06:32:32 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-13 06:32:32 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-18 02:27:42 116016 ----a-w- C:\Windows\System32\drivers\41255614.sys
2012-07-03 05:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 10:10:03 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-06 00:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-09 04:01:34 446464 -c--a-w- C:\Program Files\TFC.exe
2010-07-04 14:34:10 388608 -c--a-w- C:\Program Files\HijackThis204.exe
.
============= FINISH: 19:35:07.23 ===============



