
Newsfudge -- virus?


  • This topic is locked
8 replies to this topic

#1 eyen

eyen

  • Members
  • 17 posts

Posted 15 July 2012 - 03:53 PM

Hi all,

Less than a week ago, I started noticing my browser was automatically redirecting to a number of websites after I searched on Google. Often I would be directed to a newsfudge.com website, but it would redirect to other sites as well, frequently related to whatever I searched for. When redirected, the page would mostly pop up under another window, so I disallowed any pop-ups from Internet Explorer, but that didn't help. Since then I've tried running/updating MBAM several times, and although it found a few things which I promptly deleted, the problem is still there. I've checked under Google Chrome and also Firefox, and the problem exists there as well.

Any help would be appreciated! Thanks

eyen

-I'm running Windows 7 Home Premium (64 bit)



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts

Posted 15 July 2012 - 05:55 PM

Welcome eyen

Let's look at a few other things.

Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


>>>>>
Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. Or, if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


<<<<
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


<<<<
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
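Added example (not part of the original thread, and not code from MiniToolBox or its author): a small Python triage of the Result.txt requested in the post above, flagging leftover proxy values, hosts-file overrides and Winsock catalog entries whose provider file is reported as missing. The section banners and line layouts follow the log posted later in this thread; the sample text, its host names and addresses, and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout MiniToolBox writes to Result.txt
# (a banner line of '=' around each section name). All values are made up.
SAMPLE_RESULT = r'''
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: proxy.example.test:3128

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.http", "proxy.example.test"
"network.proxy.http_port", 3128
"network.proxy.type", 0

========================= Hosts content: =================================

# comment line
127.0.0.1 localhost
203.0.113.10 www.example.test

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================
'''

# Banner with a name in it; a line made only of '=' does not match.
SECTION_RE = re.compile(r'^=+\s*([^=\s][^=]*?):?\s*=+$')
# "<catalog> <index> <library path> [<size or status>] (<vendor>)"
WINSOCK_RE = re.compile(
    r'^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+(?P<path>.+?)'
    r'\s+\[(?P<size>[^\]]+)\]\s+\((?P<vendor>.*)\)$')
ATTENTION_RE = re.compile(r'^ATTENTION: The LibraryPath should be "([^"]+)"')
# Only string-valued prefs with a non-empty value (ports and flags are unquoted).
FF_PREF_RE = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*"([^"]+)"$')


def parse_sections(text):
    """Split the report into {section name: [non-empty stripped lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def leftover_proxies(sections):
    """Proxy hosts still stored in IE or Firefox settings, even if disabled."""
    found = []
    for line in sections.get("IE Proxy Settings", []):
        if line.startswith("ProxyServer:"):
            value = line.split(":", 1)[1].strip()
            if value:
                found.append(("IE ProxyServer", value))
    for line in sections.get("FF Proxy Settings", []):
        m = FF_PREF_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def hosts_overrides(sections):
    """(name, address) pairs from the hosts file, ignoring comments and localhost."""
    out = []
    for line in sections.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()
        out.extend((name, fields[0]) for name in fields[1:] if name != "localhost")
    return out


def broken_winsock(sections):
    """Catalog entries whose library is reported as '[File Not found]'."""
    issues, last = [], None
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m:
            last = None
            if m.group("size").strip().lower() == "file not found":
                last = {"entry": f'{m.group("catalog")} {m.group("index")}',
                        "path": m.group("path"), "expected": None}
                issues.append(last)
            continue
        a = ATTENTION_RE.match(line)
        if a and last is not None:
            last["expected"] = a.group(1)  # the tool's hint applies to the entry above it
    return issues


def triage(text):
    s = parse_sections(text)
    return {"proxies": leftover_proxies(s), "hosts": hosts_overrides(s),
            "winsock": broken_winsock(s)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_RESULT).items():
        print(kind, items)
```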

#3 eyen

eyen
  • Topic Starter

  • Members
  • 17 posts

Posted 15 July 2012 - 08:37 PM

Hi Boopme,

Thanks for your reply and help.
Are you on a router? Are other machines on it, if so are they redirecting?
--Yes, I am on a wireless router through AT&T, and there are two other Macbooks running OS Lion, but they are not having issues.

Do you use Firefox?
--No, I pretty much just use IE.

MiniToolBox Log:
MiniToolBox by Farbar Version: 15-07-2012
Ran by Edward (administrator) on 15-07-2012 at 20:13:23
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: proxy.bcm.tmc.edu:3128

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "proxy.bcm.tmc.edu"
"network.proxy.ftp_port", 31280
"network.proxy.http", "proxy.bcm.tmc.edu"
"network.proxy.http_port", 31280
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "proxy.bcm.tmc.edu"
"network.proxy.socks_port", 31280
"network.proxy.ssl", "proxy.bcm.tmc.edu"
"network.proxy.ssl_port", 31280
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Edward-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-62-6D-98-0D-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 1C-65-9D-B3-4D-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a967:56a1:763b:114%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 3:19:11 PM
Lease Expires . . . . . . . . . . : Monday, July 16, 2012 3:19:10 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 203187613
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B4-5F-11-1C-65-9D-B3-4D-39
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D7808AEF-543D-4D31-AE04-E8ABC18B7592}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.227.68] with 32 bytes of data:
Reply from 74.125.227.68: bytes=32 time=27ms TTL=52
Reply from 74.125.227.68: bytes=32 time=26ms TTL=52

Ping statistics for 74.125.227.68:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=62ms TTL=43
Reply from 209.191.122.70: bytes=32 time=58ms TTL=43

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 62ms, Average = 60ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...6c 62 6d 98 0d 70 ......Realtek PCIe GBE Family Controller
12...1c 65 9d b3 4d 39 ......802.11n Wireless LAN Card
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.70 281
192.168.1.70 255.255.255.255 On-link 192.168.1.70 281
192.168.1.255 255.255.255.255 On-link 192.168.1.70 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.70 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.70 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::a967:56a1:763b:114/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/15/2012 02:14:12 PM) (Source: MsiInstaller) (User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.

Error: (07/15/2012 02:13:42 PM) (Source: MsiInstaller) (User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.

Error: (07/15/2012 02:13:10 PM) (Source: MsiInstaller) (User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.

Error: (07/15/2012 02:12:38 PM) (Source: MsiInstaller) (User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.

Error: (07/15/2012 08:58:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x001d9aa6
Faulting process id: 0x25f8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/15/2012 08:18:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000374
Fault offset: 0x000ce903
Faulting process id: 0x7c4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/15/2012 01:06:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17022970

Error: (07/15/2012 01:06:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17022970

Error: (07/15/2012 01:06:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2012 08:22:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969


System errors:
=============
Error: (07/15/2012 03:49:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (07/15/2012 03:35:53 PM) (Source: Microsoft-Windows-Service Pack Installer) (User: Edward-HP)
Description: Service Pack installation failed with error code 0x800f0a13.

Error: (07/15/2012 03:33:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/15/2012 03:33:31 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/15/2012 03:33:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (07/15/2012 03:33:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (07/15/2012 03:33:16 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/15/2012 03:19:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (07/15/2012 03:19:11 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/15/2012 03:19:11 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (07/15/2012 02:14:12 PM) (Source: MsiInstaller)(User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/15/2012 02:13:42 PM) (Source: MsiInstaller)(User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/15/2012 02:13:10 PM) (Source: MsiInstaller)(User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/15/2012 02:12:38 PM) (Source: MsiInstaller)(User: Edward-HP)Edward-HP
Description: Product: Symantec AntiVirus Win64 -- Error 1920.Service Symantec AntiVirus (Symantec AntiVirus) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/15/2012 08:58:04 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100MSHTML.dll9.0.8112.164474fc9d776c0000005001d9aa625f801cd629132115715C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\MSHTML.dll187a1973-ce85-11e1-9b6a-6c626d980d70

Error: (07/15/2012 08:18:10 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100ntdll.dll6.1.7600.169154ec49d10c0000374000ce9037c401cd628be403eb0eC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\ntdll.dll8551c742-ce7f-11e1-9b6a-6c626d980d70

Error: (07/15/2012 01:06:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17022970

Error: (07/15/2012 01:06:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17022970

Error: (07/15/2012 01:06:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2012 08:22:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
AC3Filter 2.2a (Version: 2.2a)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.7)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.804.0)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.1.361.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
BLOCKBUSTER Movielink
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Build-a-lot 2 (Version: 2.2.0.95)
C4400 (Version: 130.0.365.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1125.2142.38865)
Catalyst Control Center InstallProxy (Version: 2010.1125.2142.38865)
Catalyst Control Center Localization All (Version: 2010.1125.2142.38865)
ccc-core-static (Version: 2010.1125.2142.38865)
ccc-utility64 (Version: 2010.1125.2142.38865)
CCC Help Chinese Standard (Version: 2010.1125.2141.38865)
CCC Help Chinese Traditional (Version: 2010.1125.2141.38865)
CCC Help English (Version: 2010.1125.2141.38865)
CCC Help Japanese (Version: 2010.1125.2141.38865)
CCC Help Korean (Version: 2010.1125.2141.38865)
CCC Help Thai (Version: 2010.1125.2141.38865)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Copy (Version: 130.0.428.000)
Coupon Printer for Windows (Version: 5.0.0.1)
CyberLink DVD Suite Deluxe (Version: 7.0.2823)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DivX Setup (Version: 2.6.1.9)
DocProc (Version: 13.0.0.0)
Dora's Carnival Adventure (Version: 2.2.0.95)
Driver Sweeper 2.1.0
Driver Sweeper version 2.8.0 (Version: 2.8.0)
Dropbox (Version: 1.4.7)
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4030)
Escape Rosecliff Island (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Feedback Tool (Version: 1.1.0)
Feedback Tool (Version: 1.2.0)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 20.0.1132.57)
Google Drive (Version: 1.2.3123.250)
Google Update Helper (Version: 1.3.21.115)
GPBaseService2 (Version: 130.0.371.000)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Advisor (Version: 3.4.12850.3526)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Game Console
HP Games (Version: 1.0.1.3)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP MediaSmart DVD (Version: 4.1.4229)
HP MediaSmart Music (Version: 4.1.4301)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.3.0)
HP Odometer (Version: 2.10.0000)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Product Detection (Version: 11.14.0001)
HP Setup (Version: 8.1.4186.3400)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Hulu Desktop (Version: 0.9.13)
iCloud (Version: 1.1.0.40)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 10.8.0.1003)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo
LabelPrint (Version: 2.5.2823)
LightScribe System Software (Version: 1.18.15.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.73)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.1.121.2)
Mendeley Desktop 1.1.2 (Version: 1.1.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.8.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Octoshape add-in for Adobe Flash Player
OrchidWiz Encyclopedia 7.0 (Version: 7.0)
OrchidWiz Encyclopedia 8.0 (Version: 8.0)
OrchidWiz Encyclopedia 9.0 (Version: 9.0)
PC Tools Registry Mechanic 11.0 (Version: 11.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Picasa 3 (Version: 3.8)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4022)
PowerDirector (Version: 8.0.2906)
PressReader (Version: 5.10.621.0)
PS_AIO_03_C4400_Software_Min (Version: 130.0.365.000)
QuickTime (Version: 7.72.80.56)
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver (Version: 7.27.920.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recovery Manager (Version: 5.5.2926)
Roxio CinemaNow 2.0 (Version: 1.0.284)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Spotify (Version: 0.8.3.222.g317ab79d)
Status (Version: 130.0.469.000)
System Requirements Lab for Intel (Version: 4.5.3.0)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
WD SmartWare (Version: 1.4.1.1)
WebReg (Version: 130.0.132.017)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Xvid Video Codec (Version: 1.3.2)
Zinio Reader 4 (Version: 4.0.2811)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 9175.08 MB
Available physical RAM: 5928.4 MB
Total Pagefile: 18348.3 MB
Available Pagefile: 14707.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.32 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1384.69 GB) (Free:1283.73 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.48 GB) (Free:1.53 GB) NTFS
3 Drive e: (OrchidWiz 9.0) (CDROM) (Total:5.35 GB) (Free:0 GB) UDF
5 Drive h: (CF DRIVE) (Removable) (Total:7.46 GB) (Free:7.31 GB) FAT32
7 Drive j: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\EDWARD-HP

Administrator Edward Guest


**** End of log ****

GooredFix
GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:18 on 15/07/2012 (Edward)
Firefox version 13.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:07 18/08/2011]
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [15:02 11/07/2012]

C:\Users\Edward\Application Data\Mozilla\Firefox\Profiles\52cvz3zx.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06:14 21/12/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [07:03 25/12/2011]

-=E.O.F=-

Rkill log:
(I believe it did run).
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/15/2012 at 20:20:19.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Edward\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\McUICnt.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe


Rkill completed on 07/15/2012 at 20:20:26.


TDSSKiller Log:

(I did not need to reboot)

20:21:16.0898 6032 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:21:17.0517 6032 ============================================================
20:21:17.0517 6032 Current date / time: 2012/07/15 20:21:17.0517
20:21:17.0517 6032 SystemInfo:
20:21:17.0517 6032
20:21:17.0517 6032 OS Version: 6.1.7600 ServicePack: 0.0
20:21:17.0517 6032 Product type: Workstation
20:21:17.0517 6032 ComputerName: EDWARD-HP
20:21:17.0518 6032 UserName: Edward
20:21:17.0518 6032 Windows directory: C:\Windows
20:21:17.0518 6032 System windows directory: C:\Windows
20:21:17.0518 6032 Running under WOW64
20:21:17.0518 6032 Processor architecture: Intel x64
20:21:17.0518 6032 Number of processors: 8
20:21:17.0518 6032 Page size: 0x1000
20:21:17.0518 6032 Boot type: Normal boot
20:21:17.0518 6032 ============================================================
20:21:17.0980 6032 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:21:17.0992 6032 Drive \Device\Harddisk2\DR2 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:21:17.0999 6032 Drive \Device\Harddisk4\DR4 - Size: 0x1DD936000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:21:18.0013 6032 ============================================================
20:21:18.0013 6032 \Device\Harddisk0\DR0:
20:21:18.0014 6032 MBR partitions:
20:21:18.0014 6032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:21:18.0014 6032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD15F000
20:21:18.0014 6032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD191800, BlocksNum 0x18F5800
20:21:18.0014 6032 \Device\Harddisk4\DR4:
20:21:18.0015 6032 MBR partitions:
20:21:18.0015 6032 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xB, StartLBA 0x1B4, BlocksNum 0xEEC7FC
20:21:18.0015 6032 ============================================================
20:21:18.0041 6032 C: <-> \Device\Harddisk0\DR0\Partition1
20:21:18.0115 6032 D: <-> \Device\Harddisk0\DR0\Partition2
20:21:18.0115 6032 ============================================================
20:21:18.0115 6032 Initialize success
20:21:18.0115 6032 ============================================================
20:21:23.0926 9056 ============================================================
20:21:23.0926 9056 Scan started
20:21:23.0926 9056 Mode: Manual;
20:21:23.0926 9056 ============================================================
20:21:36.0843 9056 MMCSS - ok
20:21:36.0857 9056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:21:36.0859 9056 Modem - ok
20:21:36.0888 9056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:21:36.0889 9056 monitor - ok
20:21:36.0924 9056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:21:36.0925 9056 mouclass - ok
20:21:36.0954 9056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:21:36.0955 9056 mouhid - ok
20:21:36.0979 9056 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:21:36.0981 9056 mountmgr - ok
20:21:37.0130 9056 Movielink Core Service (19e4baa7be36144c41af844de1cfb50d) C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
20:21:37.0146 9056 Movielink Core Service - ok
20:21:37.0208 9056 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:21:37.0209 9056 MozillaMaintenance - ok
20:21:37.0306 9056 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:21:37.0309 9056 mpio - ok
20:21:37.0330 9056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:21:37.0332 9056 mpsdrv - ok
20:21:37.0356 9056 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:21:37.0359 9056 MRxDAV - ok
20:21:37.0396 9056 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:21:37.0399 9056 mrxsmb - ok
20:21:37.0445 9056 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:21:37.0450 9056 mrxsmb10 - ok
20:21:37.0474 9056 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:21:37.0476 9056 mrxsmb20 - ok
20:21:37.0503 9056 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:21:37.0504 9056 msahci - ok
20:21:37.0526 9056 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:21:37.0529 9056 msdsm - ok
20:21:37.0556 9056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:21:37.0560 9056 MSDTC - ok
20:21:37.0590 9056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:21:37.0591 9056 Msfs - ok
20:21:37.0614 9056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:21:37.0615 9056 mshidkmdf - ok
20:21:37.0623 9056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:21:37.0624 9056 msisadrv - ok
20:21:37.0652 9056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:21:37.0656 9056 MSiSCSI - ok
20:21:37.0659 9056 msiserver - ok
20:21:37.0678 9056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:21:37.0680 9056 MSKSSRV - ok
20:21:37.0691 9056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:21:37.0692 9056 MSPCLOCK - ok
20:21:37.0707 9056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:21:37.0709 9056 MSPQM - ok
20:21:37.0739 9056 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:21:37.0744 9056 MsRPC - ok
20:21:37.0774 9056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:21:37.0775 9056 mssmbios - ok
20:21:37.0780 9056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:21:37.0781 9056 MSTEE - ok
20:21:37.0798 9056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:21:37.0799 9056 MTConfig - ok
20:21:37.0831 9056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:21:37.0832 9056 Mup - ok
20:21:37.0873 9056 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:21:37.0881 9056 napagent - ok
20:21:37.0939 9056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:21:37.0944 9056 NativeWifiP - ok
20:21:38.0012 9056 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:21:38.0024 9056 NDIS - ok
20:21:38.0043 9056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:21:38.0044 9056 NdisCap - ok
20:21:38.0064 9056 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:21:38.0065 9056 NdisTapi - ok
20:21:38.0082 9056 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:21:38.0084 9056 Ndisuio - ok
20:21:38.0100 9056 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:21:38.0102 9056 NdisWan - ok
20:21:38.0109 9056 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:21:38.0110 9056 NDProxy - ok
20:21:38.0152 9056 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
20:21:38.0154 9056 Net Driver HPZ12 - ok
20:21:38.0170 9056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:21:38.0171 9056 NetBIOS - ok
20:21:38.0188 9056 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:21:38.0191 9056 NetBT - ok
20:21:38.0220 9056 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:21:38.0221 9056 Netlogon - ok
20:21:38.0246 9056 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:21:38.0250 9056 Netman - ok
20:21:38.0285 9056 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:21:38.0290 9056 netprofm - ok
20:21:38.0353 9056 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
20:21:38.0365 9056 netr28x - ok
20:21:38.0430 9056 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:21:38.0432 9056 NetTcpPortSharing - ok
20:21:38.0457 9056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:21:38.0458 9056 nfrd960 - ok
20:21:38.0494 9056 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:21:38.0499 9056 NlaSvc - ok
20:21:38.0530 9056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:21:38.0532 9056 Npfs - ok
20:21:38.0541 9056 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:21:38.0544 9056 nsi - ok
20:21:38.0559 9056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:21:38.0561 9056 nsiproxy - ok
20:21:38.0651 9056 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:21:38.0685 9056 Ntfs - ok
20:21:38.0749 9056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:21:38.0750 9056 Null - ok
20:21:38.0800 9056 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:21:38.0802 9056 nusb3hub - ok
20:21:38.0833 9056 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:21:38.0835 9056 nusb3xhc - ok
20:21:38.0877 9056 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:21:38.0878 9056 nvraid - ok
20:21:38.0915 9056 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:21:38.0918 9056 nvstor - ok
20:21:38.0943 9056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:21:38.0945 9056 nv_agp - ok
20:21:38.0962 9056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:21:38.0963 9056 ohci1394 - ok
20:21:39.0038 9056 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:21:39.0039 9056 ose - ok
20:21:39.0260 9056 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:21:39.0281 9056 osppsvc - ok
20:21:39.0407 9056 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:21:39.0413 9056 p2pimsvc - ok
20:21:39.0455 9056 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:21:39.0462 9056 p2psvc - ok
20:21:39.0510 9056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:21:39.0512 9056 Parport - ok
20:21:39.0548 9056 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
20:21:39.0550 9056 partmgr - ok
20:21:39.0569 9056 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:21:39.0573 9056 PcaSvc - ok
20:21:39.0605 9056 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:21:39.0607 9056 pci - ok
20:21:39.0638 9056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:21:39.0639 9056 pciide - ok
20:21:39.0666 9056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:21:39.0670 9056 pcmcia - ok
20:21:39.0816 9056 PCToolsSSDMonitorSvc (8cb97ab9edc3db4e6723577e1d790353) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
20:21:39.0822 9056 PCToolsSSDMonitorSvc - ok
20:21:39.0873 9056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:21:39.0874 9056 pcw - ok
20:21:39.0910 9056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:21:39.0927 9056 PEAUTH - ok
20:21:40.0017 9056 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:21:40.0019 9056 PerfHost - ok
20:21:40.0094 9056 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:21:40.0122 9056 pla - ok
20:21:40.0187 9056 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:21:40.0193 9056 PlugPlay - ok
20:21:40.0227 9056 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
20:21:40.0229 9056 Pml Driver HPZ12 - ok
20:21:40.0237 9056 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:21:40.0238 9056 PNRPAutoReg - ok
20:21:40.0268 9056 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:21:40.0271 9056 PNRPsvc - ok
20:21:40.0307 9056 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:21:40.0315 9056 PolicyAgent - ok
20:21:40.0353 9056 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:21:40.0357 9056 Power - ok
20:21:40.0418 9056 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:21:40.0420 9056 PptpMiniport - ok
20:21:40.0433 9056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:21:40.0435 9056 Processor - ok
20:21:40.0467 9056 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
20:21:40.0471 9056 ProfSvc - ok
20:21:40.0502 9056 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:21:40.0503 9056 ProtectedStorage - ok
20:21:40.0538 9056 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:21:40.0540 9056 Psched - ok
20:21:40.0620 9056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:21:40.0653 9056 ql2300 - ok
20:21:40.0720 9056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:21:40.0722 9056 ql40xx - ok
20:21:40.0748 9056 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:21:40.0754 9056 QWAVE - ok
20:21:40.0773 9056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:21:40.0774 9056 QWAVEdrv - ok
20:21:40.0786 9056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:21:40.0788 9056 RasAcd - ok
20:21:40.0818 9056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:21:40.0819 9056 RasAgileVpn - ok
20:21:40.0839 9056 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:21:40.0842 9056 RasAuto - ok
20:21:40.0864 9056 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:40.0866 9056 Rasl2tp - ok
20:21:40.0894 9056 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:21:40.0900 9056 RasMan - ok
20:21:40.0921 9056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:40.0923 9056 RasPppoe - ok
20:21:40.0937 9056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:21:40.0938 9056 RasSstp - ok
20:21:40.0957 9056 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:21:40.0960 9056 rdbss - ok
20:21:40.0970 9056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:21:40.0970 9056 rdpbus - ok
20:21:40.0993 9056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:40.0994 9056 RDPCDD - ok
20:21:41.0008 9056 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:21:41.0010 9056 RDPENCDD - ok
20:21:41.0019 9056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:21:41.0020 9056 RDPREFMP - ok
20:21:41.0063 9056 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
20:21:41.0067 9056 RDPWD - ok
20:21:41.0102 9056 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:21:41.0106 9056 rdyboost - ok
20:21:41.0141 9056 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:21:41.0144 9056 RemoteAccess - ok
20:21:41.0164 9056 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:21:41.0167 9056 RemoteRegistry - ok
20:21:41.0186 9056 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
20:21:41.0187 9056 RimUsb - ok
20:21:41.0198 9056 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:21:41.0200 9056 RpcEptMapper - ok
20:21:41.0214 9056 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:21:41.0216 9056 RpcLocator - ok
20:21:41.0244 9056 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:21:41.0247 9056 RpcSs - ok
20:21:41.0269 9056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:41.0270 9056 rspndr - ok
20:21:41.0343 9056 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:21:41.0348 9056 RTL8167 - ok
20:21:41.0385 9056 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:21:41.0386 9056 SamSs - ok
20:21:41.0415 9056 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:21:41.0418 9056 sbp2port - ok
20:21:41.0463 9056 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:21:41.0468 9056 SCardSvr - ok
20:21:41.0474 9056 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:21:41.0475 9056 scfilter - ok
20:21:41.0555 9056 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:21:41.0579 9056 Schedule - ok
20:21:41.0609 9056 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:21:41.0611 9056 SCPolicySvc - ok
20:21:41.0629 9056 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:21:41.0634 9056 SDRSVC - ok
20:21:41.0681 9056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:21:41.0683 9056 secdrv - ok
20:21:41.0698 9056 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:21:41.0701 9056 seclogon - ok
20:21:41.0713 9056 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:21:41.0716 9056 SENS - ok
20:21:41.0725 9056 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:21:41.0727 9056 SensrSvc - ok
20:21:41.0757 9056 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:21:41.0758 9056 Serenum - ok
20:21:41.0775 9056 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:21:41.0777 9056 Serial - ok
20:21:41.0802 9056 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:21:41.0803 9056 sermouse - ok
20:21:41.0826 9056 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:21:41.0828 9056 SessionEnv - ok
20:21:41.0850 9056 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:21:41.0851 9056 sffdisk - ok
20:21:41.0861 9056 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:21:41.0862 9056 sffp_mmc - ok
20:21:41.0871 9056 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:21:41.0872 9056 sffp_sd - ok
20:21:41.0887 9056 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:21:41.0888 9056 sfloppy - ok
20:21:41.0930 9056 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:21:41.0936 9056 ShellHWDetection - ok
20:21:41.0949 9056 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:21:41.0950 9056 SiSRaid2 - ok
20:21:41.0964 9056 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:21:41.0965 9056 SiSRaid4 - ok
20:21:41.0994 9056 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:21:41.0995 9056 Smb - ok
20:21:42.0048 9056 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:21:42.0051 9056 SNMPTRAP - ok
20:21:42.0064 9056 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:21:42.0066 9056 spldr - ok
20:21:42.0117 9056 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:21:42.0125 9056 Spooler - ok
20:21:42.0273 9056 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:21:42.0325 9056 sppsvc - ok
20:21:42.0397 9056 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:21:42.0401 9056 sppuinotify - ok
20:21:42.0462 9056 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:21:42.0467 9056 srv - ok
20:21:42.0505 9056 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:21:42.0510 9056 srv2 - ok
20:21:42.0552 9056 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:42.0554 9056 srvnet - ok
20:21:42.0582 9056 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:21:42.0585 9056 SSDPSRV - ok
20:21:42.0598 9056 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:21:42.0601 9056 SstpSvc - ok
20:21:42.0619 9056 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:21:42.0621 9056 stexstor - ok
20:21:42.0669 9056 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:21:42.0678 9056 stisvc - ok
20:21:42.0696 9056 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:21:42.0697 9056 swenum - ok
20:21:42.0725 9056 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:21:42.0732 9056 swprv - ok
20:21:42.0794 9056 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:21:42.0797 9056 SymEvent - ok
20:21:42.0869 9056 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:21:42.0903 9056 SysMain - ok
20:21:42.0963 9056 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:21:42.0966 9056 TabletInputService - ok
20:21:42.0991 9056 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:21:42.0997 9056 TapiSrv - ok
20:21:43.0016 9056 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:21:43.0020 9056 TBS - ok
20:21:43.0142 9056 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
20:21:43.0178 9056 Tcpip - ok
20:21:43.0328 9056 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:43.0341 9056 TCPIP6 - ok
20:21:43.0422 9056 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:21:43.0423 9056 tcpipreg - ok
20:21:43.0444 9056 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:21:43.0446 9056 TDPIPE - ok
20:21:43.0476 9056 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:21:43.0477 9056 TDTCP - ok
20:21:43.0497 9056 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:21:43.0499 9056 tdx - ok
20:21:43.0520 9056 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:21:43.0522 9056 TermDD - ok
20:21:43.0572 9056 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:21:43.0584 9056 TermService - ok
20:21:43.0613 9056 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:21:43.0615 9056 Themes - ok
20:21:43.0647 9056 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:21:43.0649 9056 THREADORDER - ok
20:21:43.0667 9056 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:21:43.0670 9056 TrkWks - ok
20:21:43.0726 9056 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:21:43.0728 9056 TrustedInstaller - ok
20:21:43.0746 9056 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:43.0747 9056 tssecsrv - ok
20:21:43.0769 9056 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:43.0771 9056 tunnel - ok
20:21:43.0792 9056 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:21:43.0793 9056 uagp35 - ok
20:21:43.0820 9056 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:21:43.0825 9056 udfs - ok
20:21:43.0840 9056 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:21:43.0842 9056 UI0Detect - ok
20:21:43.0862 9056 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:21:43.0863 9056 uliagpkx - ok
20:21:43.0881 9056 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:21:43.0882 9056 umbus - ok
20:21:43.0894 9056 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:21:43.0895 9056 UmPass - ok
20:21:44.0050 9056 UNS (02c298382359653bec4c737c2ab7f9c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:21:44.0065 9056 UNS - ok
20:21:44.0163 9056 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:21:44.0170 9056 upnphost - ok
20:21:44.0239 9056 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:21:44.0241 9056 USBAAPL64 - ok
20:21:44.0279 9056 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:44.0281 9056 usbccgp - ok
20:21:44.0298 9056 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:21:44.0300 9056 usbcir - ok
20:21:44.0334 9056 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
20:21:44.0336 9056 usbehci - ok
20:21:44.0391 9056 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:44.0396 9056 usbhub - ok
20:21:44.0421 9056 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
20:21:44.0423 9056 usbohci - ok
20:21:44.0445 9056 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:21:44.0446 9056 usbprint - ok
20:21:44.0467 9056 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:21:44.0469 9056 usbscan - ok
20:21:44.0504 9056 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:44.0506 9056 USBSTOR - ok
20:21:44.0528 9056 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
20:21:44.0530 9056 usbuhci - ok
20:21:44.0561 9056 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:21:44.0564 9056 UxSms - ok
20:21:44.0600 9056 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:21:44.0601 9056 VaultSvc - ok
20:21:44.0623 9056 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:21:44.0625 9056 vdrvroot - ok
20:21:44.0664 9056 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:21:44.0673 9056 vds - ok
20:21:44.0691 9056 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:44.0693 9056 vga - ok
20:21:44.0705 9056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:21:44.0706 9056 VgaSave - ok
20:21:44.0733 9056 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:21:44.0737 9056 vhdmp - ok
20:21:44.0751 9056 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:21:44.0753 9056 viaide - ok
20:21:44.0771 9056 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:21:44.0772 9056 volmgr - ok
20:21:44.0806 9056 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:21:44.0812 9056 volmgrx - ok
20:21:44.0841 9056 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:21:44.0845 9056 volsnap - ok
20:21:44.0850 9056 vpnva - ok
20:21:44.0872 9056 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:21:44.0875 9056 vsmraid - ok
20:21:44.0947 9056 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:21:44.0980 9056 VSS - ok
20:21:45.0054 9056 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:21:45.0055 9056 vwifibus - ok
20:21:45.0069 9056 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:21:45.0071 9056 vwififlt - ok
20:21:45.0114 9056 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:21:45.0122 9056 W32Time - ok
20:21:45.0144 9056 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:21:45.0145 9056 WacomPen - ok
20:21:45.0184 9056 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:45.0186 9056 WANARP - ok
20:21:45.0191 9056 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:45.0192 9056 Wanarpv6 - ok
20:21:45.0271 9056 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:21:45.0299 9056 WatAdminSvc - ok
20:21:45.0369 9056 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:21:45.0403 9056 wbengine - ok
20:21:45.0485 9056 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:21:45.0490 9056 WbioSrvc - ok
20:21:45.0532 9056 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
20:21:45.0540 9056 wcncsvc - ok
20:21:45.0552 9056 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:21:45.0555 9056 WcsPlugInService - ok
20:21:45.0568 9056 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:21:45.0569 9056 Wd - ok
20:21:45.0596 9056 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
20:21:45.0597 9056 WDC_SAM - ok
20:21:47.0573 9056 ============================================================
20:21:47.0573 9056 Scan finished
20:21:47.0573 9056 ============================================================
20:21:47.0585 9292 Detected object count: 0
20:21:47.0585 9292 Actual detected object count: 0

MBAM log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Edward :: EDWARD-HP [administrator]

7/15/2012 8:30:37 PM
mbam-log-2012-07-15 (20-30-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243802
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{1c3cfb81-ea45-c2be-8fec-cc138b1e6d6a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


I am going to reboot as soon as I post this, but overall it seems only MBAM found one thing.

I'll let you know in my next reply whether the problem seems to be gone.

-eyen

#4 eyen

Posted 15 July 2012 - 08:51 PM

Hi,

Ok, it seems that it worked so far. I've tried searching a couple of sites now, and there is no further redirecting to any other site. Plus, my firefox actually loads google now (before it did not).

Thanks!
-eyen

#5 boopme

Posted 16 July 2012 - 09:25 AM

Looks like that one infection was the big trouble maker. Give it a day or two and if all's still good then..

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

Edited by boopme, 16 July 2012 - 09:26 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
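A scripted equivalent of the restore-point steps above, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell session on a system already confirmed clean; the restore point description and the `SysRestore.Native` wrapper name are chosen here for illustration.

```powershell
# Added example: create a fresh restore point, then remove all older ones.
# Run from an elevated Windows PowerShell prompt (Checkpoint-Computer is not in PowerShell 7).

# P/Invoke wrapper for SRRemoveRestorePoint in srclient.dll (System Restore API).
# The namespace and type name are hypothetical, picked for this example.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int index);
'@

$label = 'Clean state after malware removal'   # assumed description, use your own

# Step 1: same effect as "Create a Restore Point" in the System Restore wizard.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# Step 2: enumerate restore points, oldest first.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    throw 'No restore points found; is System Protection enabled on this drive?'
}
$newest = $points[-1]

# Guard: newer Windows versions can skip creation if a point was made recently.
# If the newest point is not the one requested above, delete nothing.
if ($newest.Description -ne $label) {
    throw "Newest restore point is '$($newest.Description)'; nothing was deleted."
}

# Step 3: same effect as Disk Cleanup > More Options > System Restore > Clean up.
foreach ($rp in ($points | Where-Object { $_.SequenceNumber -ne $newest.SequenceNumber })) {
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([int]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0} ({1})" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove #{0}, error code {1}" -f $rp.SequenceNumber, $rc)
    }
}

# Step 4: confirm that only the new restore point remains.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```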

#6 eyen

Posted 16 July 2012 - 10:52 AM

Boopme,

Spoke too soon. The redirecting went away for a little bit, but it's back now. The pattern seems different though, it doesn't happen as frequently, and also doesn't happen when I'm at my computer, more when I've left it and come back, I see pop-ups, including the newsfudge website again.

What to do next?
-eyen

#7 boopme

Posted 16 July 2012 - 11:07 AM

Ok, yeah, I thought we got that too easy, but I hoped. :) That's why I said wait a day.

You have a ZeroAccess rootkit. To remove it all we need to move and repost.

We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#8 eyen

Posted 16 July 2012 - 11:40 AM

Thanks boopme, I just finished creating a new topic in the new section. Everything was fine, but I didn't attempt to run Gmer since it says not to do it since I have a 64 bit OS. Should I post back here since I've created a new topic?

I really appreciate your help,
-eyen

#9 boopme

Posted 16 July 2012 - 06:28 PM

You're welcome!!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.