
Infected with something, Google keeps redirecting!


  • This topic is locked
25 replies to this topic

#1 Marekso

Marekso

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 24 July 2012 - 08:45 AM

Hey all, I've been noticing that when I try to click on any link on Google it redirects me to a "singles cam offer site" .. it's super frustrating and I have now installed (before finding this awesome site) Malwarebytes Anti-bytes and upon doing a quick search it did find 2 rootkits and deleted them, but when I'm trying to access the internet it still shows me that it has stopped a malicious activity where a wide array of IP addresses are doing something to services.exe ... AND I can't activate my default Windows firewall, it throws an error saying "Windows Firewall can't change some of your settings" (Error code 0x80070424). And don't worry, I followed ALL the guidelines (disabling Malwarebytes as well as disabling all the CD/DVD emulation thingies)..

UPDATE: Plus when I go to whatismyipaddress.com or any other such website it shows me that I have a United Kingdom IP (I'm from Latvia so this is super weird).
This is what it shows:
IP Information: 91.105.14.190
ISP:
Organization:
Connection: Broadband
Services: None Detected
City: Featherstone
Region: Wakefield
Country: United Kingdom

--------------------------------

So here goes, this is the DDS report:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1
Run by Mareks at 16:37:42 on 2012-07-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2046.876 [GMT 3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TigerVNC\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 80.232.230.242 195.122.12.242
TCP: Interfaces\{A2B62DA1-2273-4BF6-902A-FC84E60118E4} : DhcpNameServer = 80.232.230.242 195.122.12.242
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mareks\AppData\Roaming\Mozilla\Firefox\Profiles\qgluk588.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\system32\drivers\anvsnddrv.sys --> C:\Windows\system32\drivers\anvsnddrv.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PAC207;Trust WB-1400T Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\DRIVERS\massfilter.sys --> C:\Windows\system32\DRIVERS\massfilter.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\system32\DRIVERS\ZTEusbnet.sys --> C:\Windows\system32\DRIVERS\ZTEusbnet.sys [?]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\Windows\system32\DRIVERS\ZTEusbvoice.sys [?]
.
=============== Created Last 30 ================
.
2012-07-24 12:56:19 -------- d-----w- C:\Users\Mareks\AppData\Roaming\Malwarebytes
2012-07-24 12:56:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-24 12:56:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-24 12:56:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 10:04:27 -------- d-----w- C:\_OTL
2012-07-23 09:22:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-22 13:15:49 -------- d-----w- C:\Users\Mareks\AppData\Roaming\NVIDIA
2012-07-21 13:39:33 -------- d-----w- C:\Users\Mareks\AppData\Local\Macromedia
2012-07-21 13:23:25 -------- d-----w- C:\Users\Mareks\AppData\Local\Deployment
2012-07-21 13:18:00 -------- d-----w- C:\Users\Mareks\AppData\Local\Mozilla
2012-07-21 13:16:10 -------- d-----w- C:\Users\Mareks\AppData\Roaming\Mnemosyne
2012-07-21 13:16:08 -------- d-----w- C:\Users\Mareks\.matplotlib
2012-07-21 13:09:52 -------- d-----w- C:\Users\Mareks\AppData\Roaming\Foxit Software
2012-07-21 13:06:01 -------- d-----w- C:\Users\Mareks\AppData\Local\Apps
2012-07-21 13:04:29 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-21 12:33:03 -------- d-----w- C:\Users\Mareks\AppData\Local\Adobe
2012-07-13 14:48:49 -------- d-----w- C:\ProgramData\Blumentals
2012-07-13 14:48:21 -------- d-----w- C:\Program Files (x86)\Easy GIF Animator
2012-07-02 23:37:54 -------- d-----w- C:\Program Files (x86)\Citrix
2012-07-01 20:18:28 -------- d-----w- C:\Program Files (x86)\Mnemosyne
.
==================== Find3M ====================
.
2012-07-23 10:39:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-23 10:39:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 22:24:24 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-31 22:24:24 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-31 22:24:24 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-31 22:24:24 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 16:38:08,65 ===============
Attached File  Attach.txt   8.27KB   1 downloads

Edited by Marekso, 24 July 2012 - 10:23 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:03 AM

Posted 25 July 2012 - 02:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Marekso

Marekso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 25 July 2012 - 03:05 AM

When I tried running Combofix, it extracted all the files but then nothing happened (the malware I have must be in-process, preventing me from launching Combofix appropriately). I did however manage to run the security check and these are the results.

Securitycheck log:


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Java™ 7 Update 3
Java™ SE Development Kit 7 Update 3
Java version out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:03 AM

Posted 25 July 2012 - 03:32 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Marekso

Marekso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 25 July 2012 - 03:55 AM

Okay, one thing I forgot to mention in the first post - I already ran TDSSKiller yesterday and it DID find 2 rootkits, but I also ran TDSSKiller today and it found nothing, so I will be posting BOTH reports (from yesterday and today, but the important log is probably the one that found the 2 malware and cured it yesterday).

TDSSKiller report from yesterday:

14:51:49.0755 3488 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:51:49.0911 3488 ============================================================
14:51:49.0911 3488 Current date / time: 2012/07/24 14:51:49.0911
14:51:49.0911 3488 SystemInfo:
14:51:49.0911 3488
14:51:49.0911 3488 OS Version: 6.1.7601 ServicePack: 1.0
14:51:49.0911 3488 Product type: Workstation
14:51:49.0911 3488 ComputerName: PC
14:51:49.0911 3488 UserName: User
14:51:49.0911 3488 Windows directory: C:\Windows
14:51:49.0911 3488 System windows directory: C:\Windows
14:51:49.0911 3488 Running under WOW64
14:51:49.0911 3488 Processor architecture: Intel x64
14:51:49.0911 3488 Number of processors: 2
14:51:49.0911 3488 Page size: 0x1000
14:51:49.0911 3488 Boot type: Normal boot
14:51:49.0911 3488 ============================================================
14:51:51.0018 3488 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:51:51.0034 3488 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FAE7E00 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3E08, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:51:51.0050 3488 ============================================================
14:51:51.0050 3488 \Device\Harddisk1\DR1:
14:51:51.0050 3488 MBR partitions:
14:51:51.0050 3488 \Device\Harddisk0\DR0:
14:51:51.0050 3488 MBR partitions:
14:51:51.0050 3488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:51:51.0050 3488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4CA000
14:51:51.0050 3488 ============================================================
14:51:51.0081 3488 C: <-> \Device\Harddisk0\DR0\Partition1
14:51:51.0081 3488 ============================================================
14:51:51.0081 3488 Initialize success
14:51:51.0081 3488 ============================================================
14:51:52.0683 3820 ============================================================
14:51:52.0683 3820 Scan started
14:51:52.0683 3820 Mode: Manual;
14:51:52.0683 3820 ============================================================
14:51:57.0936 3820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:51:57.0946 3820 cdfs - ok
14:51:57.0986 3820 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:51:57.0996 3820 cdrom - ok
14:51:58.0036 3820 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:51:58.0046 3820 CertPropSvc - ok
14:51:58.0066 3820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:51:58.0076 3820 circlass - ok
14:51:58.0106 3820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:51:58.0126 3820 CLFS - ok
14:51:58.0192 3820 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:51:58.0207 3820 clr_optimization_v2.0.50727_32 - ok
14:51:58.0254 3820 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:51:58.0270 3820 clr_optimization_v2.0.50727_64 - ok
14:51:58.0363 3820 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:51:58.0472 3820 clr_optimization_v4.0.30319_32 - ok
14:51:58.0504 3820 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:51:58.0519 3820 clr_optimization_v4.0.30319_64 - ok
14:51:58.0550 3820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:51:58.0550 3820 CmBatt - ok
14:51:58.0582 3820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:51:58.0582 3820 cmdide - ok
14:51:58.0628 3820 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:51:58.0644 3820 CNG - ok
14:51:58.0660 3820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:51:58.0660 3820 Compbatt - ok
14:51:58.0706 3820 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:51:58.0706 3820 CompositeBus - ok
14:51:58.0722 3820 COMSysApp - ok
14:51:58.0738 3820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:51:58.0753 3820 crcdisk - ok
14:51:58.0784 3820 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:51:58.0800 3820 CryptSvc - ok
14:51:58.0862 3820 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:51:58.0878 3820 CSC - ok
14:51:58.0940 3820 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:51:58.0956 3820 CscService - ok
14:51:59.0018 3820 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:51:59.0065 3820 DcomLaunch - ok
14:51:59.0128 3820 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:51:59.0159 3820 defragsvc - ok
14:51:59.0221 3820 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:51:59.0221 3820 DfsC - ok
14:51:59.0284 3820 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:51:59.0299 3820 Dhcp - ok
14:51:59.0330 3820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:51:59.0330 3820 discache - ok
14:51:59.0362 3820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:51:59.0377 3820 Disk - ok
14:51:59.0408 3820 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:51:59.0424 3820 dmvsc - ok
14:51:59.0455 3820 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:51:59.0455 3820 Dnscache - ok
14:51:59.0486 3820 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:51:59.0502 3820 dot3svc - ok
14:51:59.0549 3820 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:51:59.0564 3820 Dot4 - ok
14:51:59.0580 3820 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:51:59.0580 3820 Dot4Print - ok
14:51:59.0596 3820 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:51:59.0611 3820 dot4usb - ok
14:51:59.0642 3820 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:51:59.0658 3820 DPS - ok
14:51:59.0689 3820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:51:59.0689 3820 drmkaud - ok
14:51:59.0736 3820 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:51:59.0736 3820 dtsoftbus01 - ok
14:51:59.0814 3820 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:51:59.0845 3820 DXGKrnl - ok
14:51:59.0861 3820 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:51:59.0876 3820 EapHost - ok
14:52:00.0032 3820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:52:00.0157 3820 ebdrv - ok
14:52:00.0251 3820 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:52:00.0266 3820 EFS - ok
14:52:00.0344 3820 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:52:00.0376 3820 ehRecvr - ok
14:52:00.0391 3820 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:52:00.0407 3820 ehSched - ok
14:52:00.0485 3820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:52:00.0516 3820 elxstor - ok
14:52:00.0532 3820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:52:00.0532 3820 ErrDev - ok
14:52:00.0656 3820 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:52:00.0688 3820 EventSystem - ok
14:52:00.0719 3820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:52:00.0719 3820 exfat - ok
14:52:00.0750 3820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:52:00.0766 3820 fastfat - ok
14:52:00.0828 3820 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:52:00.0859 3820 Fax - ok
14:52:00.0875 3820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:52:00.0890 3820 fdc - ok
14:52:00.0890 3820 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:52:00.0906 3820 fdPHost - ok
14:52:00.0906 3820 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:52:00.0922 3820 FDResPub - ok
14:52:00.0937 3820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:52:00.0953 3820 FileInfo - ok
14:52:00.0953 3820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:52:00.0968 3820 Filetrace - ok
14:52:00.0984 3820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:52:00.0984 3820 flpydisk - ok
14:52:01.0015 3820 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:52:01.0031 3820 FltMgr - ok
14:52:01.0093 3820 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:52:01.0109 3820 FontCache - ok
14:52:01.0202 3820 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:52:01.0218 3820 FontCache3.0.0.0 - ok
14:52:01.0265 3820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:52:01.0265 3820 FsDepends - ok
14:52:01.0280 3820 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:52:01.0296 3820 Fs_Rec - ok
14:52:01.0327 3820 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:52:01.0343 3820 fvevol - ok
14:52:01.0358 3820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:52:01.0374 3820 gagp30kx - ok
14:52:01.0421 3820 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:52:01.0452 3820 gpsvc - ok
14:52:01.0468 3820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:52:01.0468 3820 hcw85cir - ok
14:52:01.0530 3820 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:52:01.0546 3820 HdAudAddService - ok
14:52:01.0577 3820 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:52:01.0592 3820 HDAudBus - ok
14:52:01.0592 3820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:52:01.0608 3820 HidBatt - ok
14:52:01.0624 3820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:52:01.0639 3820 HidBth - ok
14:52:01.0655 3820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:52:01.0655 3820 HidIr - ok
14:52:01.0670 3820 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:52:01.0686 3820 hidserv - ok
14:52:01.0733 3820 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:52:01.0748 3820 HidUsb - ok
14:52:01.0780 3820 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:52:01.0795 3820 hkmsvc - ok
14:52:01.0842 3820 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:52:01.0858 3820 HomeGroupListener - ok
14:52:01.0889 3820 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:52:01.0904 3820 HomeGroupProvider - ok
14:52:02.0045 3820 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:52:02.0045 3820 hpqcxs08 - ok
14:52:02.0076 3820 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:52:02.0092 3820 hpqddsvc - ok
14:52:02.0123 3820 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:52:02.0138 3820 HpSAMD - ok
14:52:02.0201 3820 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:52:02.0232 3820 HPSLPSVC - ok
14:52:02.0279 3820 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:52:02.0294 3820 HTTP - ok
14:52:02.0310 3820 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:52:02.0310 3820 hwpolicy - ok
14:52:02.0341 3820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:52:02.0357 3820 i8042prt - ok
14:52:02.0404 3820 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
14:52:02.0435 3820 iaStorV - ok
14:52:02.0622 3820 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:52:02.0653 3820 idsvc - ok
14:52:02.0669 3820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:52:02.0684 3820 iirsp - ok
14:52:02.0747 3820 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:52:02.0778 3820 IKEEXT - ok
14:52:02.0809 3820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:52:02.0809 3820 intelide - ok
14:52:02.0840 3820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
14:52:02.0840 3820 intelppm - ok
14:52:02.0856 3820 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:52:02.0872 3820 IPBusEnum - ok
14:52:02.0887 3820 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:52:02.0887 3820 IpFilterDriver - ok
14:52:02.0934 3820 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:52:02.0934 3820 IPMIDRV - ok
14:52:02.0950 3820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:52:02.0965 3820 IPNAT - ok
14:52:02.0981 3820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:52:02.0981 3820 IRENUM - ok
14:52:02.0996 3820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:52:03.0012 3820 isapnp - ok
14:52:03.0043 3820 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:52:03.0090 3820 iScsiPrt - ok
14:52:03.0121 3820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:52:03.0121 3820 kbdclass - ok
14:52:03.0168 3820 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:52:03.0168 3820 kbdhid - ok
14:52:03.0199 3820 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:03.0199 3820 KeyIso - ok
14:52:03.0215 3820 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:52:03.0230 3820 KSecDD - ok
14:52:03.0246 3820 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:52:03.0246 3820 KSecPkg - ok
14:52:03.0277 3820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:52:03.0277 3820 ksthunk - ok
14:52:03.0308 3820 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:52:03.0386 3820 KtmRm - ok
14:52:03.0433 3820 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:52:03.0449 3820 LanmanServer - ok
14:52:03.0480 3820 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:52:03.0496 3820 LanmanWorkstation - ok
14:52:03.0527 3820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:52:03.0542 3820 lltdio - ok
14:52:03.0574 3820 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:52:03.0589 3820 lltdsvc - ok
14:52:03.0605 3820 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:52:03.0620 3820 lmhosts - ok
14:52:03.0652 3820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:52:03.0667 3820 LSI_FC - ok
14:52:03.0683 3820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:52:03.0683 3820 LSI_SAS - ok
14:52:03.0698 3820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:52:03.0698 3820 LSI_SAS2 - ok
14:52:03.0714 3820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:52:03.0730 3820 LSI_SCSI - ok
14:52:03.0761 3820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:52:03.0761 3820 luafv - ok
14:52:03.0808 3820 massfilter (b5e86524918ef32b32d1032e0c8e92a3) C:\Windows\system32\DRIVERS\massfilter.sys
14:52:03.0808 3820 massfilter - ok
14:52:03.0854 3820 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:52:03.0854 3820 Mcx2Svc - ok
14:52:03.0870 3820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:52:03.0886 3820 megasas - ok
14:52:03.0901 3820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:52:03.0917 3820 MegaSR - ok
14:52:03.0995 3820 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:52:03.0995 3820 Microsoft Office Groove Audit Service - ok
14:52:04.0026 3820 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:52:04.0042 3820 MMCSS - ok
14:52:04.0057 3820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:52:04.0057 3820 Modem - ok
14:52:04.0088 3820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:52:04.0088 3820 monitor - ok
14:52:04.0120 3820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:52:04.0120 3820 mouclass - ok
14:52:04.0182 3820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:52:04.0182 3820 mouhid - ok
14:52:04.0198 3820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:52:04.0198 3820 mountmgr - ok
14:52:04.0279 3820 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:52:04.0289 3820 MozillaMaintenance - ok
14:52:04.0309 3820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:52:04.0319 3820 mpio - ok
14:52:04.0339 3820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:52:04.0349 3820 mpsdrv - ok
14:52:04.0379 3820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:52:04.0389 3820 MRxDAV - ok
14:52:04.0419 3820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:04.0439 3820 mrxsmb - ok
14:52:04.0469 3820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:04.0489 3820 mrxsmb10 - ok
14:52:04.0509 3820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:04.0519 3820 mrxsmb20 - ok
14:52:04.0539 3820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:52:04.0539 3820 msahci - ok
14:52:04.0569 3820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:52:04.0579 3820 msdsm - ok
14:52:04.0609 3820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:52:04.0619 3820 MSDTC - ok
14:52:04.0649 3820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:52:04.0659 3820 Msfs - ok
14:52:04.0689 3820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:52:04.0689 3820 mshidkmdf - ok
14:52:04.0709 3820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:52:04.0709 3820 msisadrv - ok
14:52:04.0739 3820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:52:04.0759 3820 MSiSCSI - ok
14:52:04.0759 3820 msiserver - ok
14:52:04.0799 3820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:52:04.0799 3820 MSKSSRV - ok
14:52:04.0809 3820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:04.0809 3820 MSPCLOCK - ok
14:52:04.0829 3820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:52:04.0829 3820 MSPQM - ok
14:52:04.0849 3820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:52:04.0869 3820 MsRPC - ok
14:52:04.0919 3820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:52:04.0919 3820 mssmbios - ok
14:52:04.0939 3820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:52:04.0939 3820 MSTEE - ok
14:52:04.0959 3820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:52:04.0959 3820 MTConfig - ok
14:52:04.0979 3820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:52:04.0979 3820 Mup - ok
14:52:05.0029 3820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:52:05.0049 3820 napagent - ok
14:52:05.0099 3820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:52:05.0119 3820 NativeWifiP - ok
14:52:05.0179 3820 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:52:05.0199 3820 NDIS - ok
14:52:05.0219 3820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:52:05.0229 3820 NdisCap - ok
14:52:05.0259 3820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:05.0269 3820 NdisTapi - ok
14:52:05.0309 3820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:05.0319 3820 Ndisuio - ok
14:52:05.0339 3820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:05.0349 3820 NdisWan - ok
14:52:05.0369 3820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:52:05.0369 3820 NDProxy - ok
14:52:05.0409 3820 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
14:52:05.0419 3820 Net Driver HPZ12 - ok
14:52:05.0439 3820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:52:05.0439 3820 NetBIOS - ok
14:52:05.0479 3820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:52:05.0489 3820 NetBT - ok
14:52:05.0519 3820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:05.0519 3820 Netlogon - ok
14:52:05.0569 3820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:52:05.0579 3820 Netman - ok
14:52:05.0699 3820 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:05.0749 3820 NetMsmqActivator - ok
14:52:05.0759 3820 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:05.0759 3820 NetPipeActivator - ok
14:52:05.0889 3820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:52:05.0899 3820 netprofm - ok
14:52:05.0989 3820 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
14:52:06.0009 3820 netr7364 - ok
14:52:06.0109 3820 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:06.0109 3820 NetTcpActivator - ok
14:52:06.0119 3820 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:52:06.0119 3820 NetTcpPortSharing - ok
14:52:06.0169 3820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:52:06.0169 3820 nfrd960 - ok
14:52:06.0279 3820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:52:06.0294 3820 NlaSvc - ok
14:52:06.0310 3820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:52:06.0310 3820 Npfs - ok
14:52:06.0326 3820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:52:06.0341 3820 nsi - ok
14:52:06.0357 3820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:52:06.0357 3820 nsiproxy - ok
14:52:06.0466 3820 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
14:52:06.0513 3820 Ntfs - ok
14:52:06.0684 3820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:52:06.0684 3820 Null - ok
14:52:07.0605 3820 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:52:07.0964 3820 nvlddmkm - ok
14:52:08.0088 3820 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
14:52:08.0104 3820 nvraid - ok
14:52:08.0135 3820 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
14:52:08.0135 3820 nvstor - ok
14:52:08.0229 3820 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
14:52:08.0260 3820 nvsvc - ok
14:52:08.0338 3820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:52:08.0338 3820 nv_agp - ok
14:52:08.0447 3820 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:52:08.0478 3820 odserv - ok
14:52:08.0478 3820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:52:08.0494 3820 ohci1394 - ok
14:52:08.0572 3820 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:52:08.0572 3820 ose - ok
14:52:08.0650 3820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:52:08.0666 3820 p2pimsvc - ok
14:52:08.0712 3820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:52:08.0728 3820 p2psvc - ok
14:52:08.0822 3820 PAC207 (9e2e0723a36e4fdaa6b5e49fbfc0f859) C:\Windows\system32\DRIVERS\PFC027.SYS
14:52:08.0837 3820 PAC207 - ok
14:52:08.0884 3820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:52:08.0900 3820 Parport - ok
14:52:08.0915 3820 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:52:08.0931 3820 partmgr - ok
14:52:08.0946 3820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:52:08.0962 3820 PcaSvc - ok
14:52:08.0978 3820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:52:08.0993 3820 pci - ok
14:52:09.0009 3820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:52:09.0009 3820 pciide - ok
14:52:09.0040 3820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:52:09.0040 3820 pcmcia - ok
14:52:09.0071 3820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:52:09.0071 3820 pcw - ok
14:52:09.0118 3820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:52:09.0134 3820 PEAUTH - ok
14:52:09.0212 3820 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:52:09.0258 3820 PeerDistSvc - ok
14:52:09.0321 3820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:52:09.0336 3820 PerfHost - ok
14:52:09.0461 3820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:52:09.0508 3820 pla - ok
14:52:09.0586 3820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:52:09.0602 3820 PlugPlay - ok
14:52:09.0664 3820 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
14:52:09.0664 3820 Pml Driver HPZ12 - ok
14:52:09.0680 3820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:52:09.0695 3820 PNRPAutoReg - ok
14:52:09.0726 3820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:52:09.0726 3820 PNRPsvc - ok
14:52:09.0773 3820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:52:09.0804 3820 PolicyAgent - ok
14:52:09.0836 3820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:52:09.0836 3820 Power - ok
14:52:09.0914 3820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:52:09.0914 3820 PptpMiniport - ok
14:52:09.0945 3820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:52:09.0960 3820 Processor - ok
14:52:09.0992 3820 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:52:09.0992 3820 ProfSvc - ok
14:52:10.0023 3820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:10.0023 3820 ProtectedStorage - ok
14:52:10.0054 3820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:52:10.0054 3820 Psched - ok
14:52:10.0148 3820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:52:10.0194 3820 ql2300 - ok
14:52:10.0272 3820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:52:10.0288 3820 ql40xx - ok
14:52:10.0319 3820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:52:10.0335 3820 QWAVE - ok
14:52:10.0350 3820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:52:10.0366 3820 QWAVEdrv - ok
14:52:10.0366 3820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:52:10.0366 3820 RasAcd - ok
14:52:10.0413 3820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:10.0428 3820 RasAgileVpn - ok
14:52:10.0444 3820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:52:10.0460 3820 RasAuto - ok
14:52:10.0475 3820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:10.0491 3820 Rasl2tp - ok
14:52:21.0448 3820 ============================================================
14:52:21.0448 3820 Scan finished
14:52:21.0448 3820 ============================================================
14:52:21.0464 2976 Detected object count: 0
14:52:21.0464 2976 Actual detected object count: 0
14:52:28.0796 2076 ============================================================
14:52:28.0796 2076 Scan started
14:52:28.0796 2076 Mode: Manual; SigCheck; TDLFS;
14:52:28.0796 2076 ============================================================
14:52:35.0847 2076 Fax - ok
14:52:35.0863 2076 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:52:35.0894 2076 fdc - ok
14:52:35.0894 2076 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:52:35.0941 2076 fdPHost - ok
14:52:35.0956 2076 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:52:35.0972 2076 FDResPub - ok
14:52:36.0003 2076 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:52:36.0003 2076 FileInfo - ok
14:52:36.0019 2076 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:52:36.0066 2076 Filetrace - ok
14:52:36.0081 2076 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:52:36.0097 2076 flpydisk - ok
14:52:36.0269 2076 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:52:36.0300 2076 FltMgr - ok
14:52:36.0362 2076 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:52:36.0409 2076 FontCache - ok
14:52:36.0518 2076 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:52:36.0534 2076 FontCache3.0.0.0 - ok
14:52:36.0581 2076 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:52:36.0596 2076 FsDepends - ok
14:52:36.0612 2076 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:52:36.0627 2076 Fs_Rec - ok
14:52:36.0643 2076 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:52:36.0659 2076 fvevol - ok
14:52:36.0674 2076 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:52:36.0690 2076 gagp30kx - ok
14:52:36.0737 2076 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:52:36.0768 2076 gpsvc - ok
14:52:36.0783 2076 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:52:36.0861 2076 hcw85cir - ok
14:52:36.0924 2076 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:52:36.0971 2076 HdAudAddService - ok
14:52:36.0986 2076 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:52:37.0017 2076 HDAudBus - ok
14:52:37.0033 2076 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:52:37.0064 2076 HidBatt - ok
14:52:37.0095 2076 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:52:37.0127 2076 HidBth - ok
14:52:37.0142 2076 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:52:37.0158 2076 HidIr - ok
14:52:37.0173 2076 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:52:37.0220 2076 hidserv - ok
14:52:37.0251 2076 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:52:37.0251 2076 HidUsb - ok
14:52:37.0283 2076 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:52:37.0314 2076 hkmsvc - ok
14:52:37.0361 2076 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:52:37.0376 2076 HomeGroupListener - ok
14:52:37.0407 2076 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:52:37.0439 2076 HomeGroupProvider - ok
14:52:37.0563 2076 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:52:37.0595 2076 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:52:37.0595 2076 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:52:37.0626 2076 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:52:37.0657 2076 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:52:37.0657 2076 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:52:37.0704 2076 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:52:37.0719 2076 HpSAMD - ok
14:52:37.0782 2076 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:52:37.0797 2076 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:52:37.0797 2076 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:52:41.0136 2076 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
14:52:41.0167 2076 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:52:41.0167 2076 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:52:44.0880 2076 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
14:52:44.0895 2076 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:52:44.0895 2076 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:52:50.0028 2076 swprv - ok
14:52:50.0059 2076 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
14:52:50.0075 2076 Synth3dVsc - ok
14:52:50.0153 2076 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:52:50.0199 2076 SysMain - ok
14:52:50.0293 2076 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:52:50.0324 2076 TabletInputService - ok
14:52:50.0355 2076 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:52:50.0418 2076 TapiSrv - ok
14:52:50.0433 2076 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:52:50.0465 2076 TBS - ok
14:52:50.0589 2076 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:52:50.0621 2076 Tcpip - ok
14:52:50.0777 2076 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:52:50.0808 2076 TCPIP6 - ok
14:52:50.0901 2076 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:52:50.0933 2076 tcpipreg - ok
14:52:50.0933 2076 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:52:50.0979 2076 TDPIPE - ok
14:52:50.0995 2076 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:52:51.0042 2076 TDTCP - ok
14:52:51.0057 2076 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:52:51.0073 2076 tdx - ok
14:52:51.0432 2076 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:52:51.0463 2076 TeamViewer7 - ok
14:52:51.0541 2076 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:52:51.0541 2076 TermDD - ok
14:52:51.0557 2076 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
14:52:51.0572 2076 terminpt - ok
14:52:51.0635 2076 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:52:51.0666 2076 TermService - ok
14:52:51.0681 2076 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:52:51.0697 2076 Themes - ok
14:52:51.0713 2076 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:52:51.0744 2076 THREADORDER - ok
14:52:51.0759 2076 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:52:51.0791 2076 TrkWks - ok
14:52:51.0837 2076 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:52:51.0900 2076 TrustedInstaller - ok
14:52:51.0915 2076 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:51.0947 2076 tssecsrv - ok
14:52:51.0962 2076 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:52:52.0009 2076 TsUsbFlt - ok
14:52:52.0025 2076 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:52:52.0056 2076 TsUsbGD - ok
14:52:52.0071 2076 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
14:52:52.0087 2076 tsusbhub - ok
14:52:52.0103 2076 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:52:52.0134 2076 tunnel - ok
14:52:52.0149 2076 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:52:52.0149 2076 uagp35 - ok
14:52:52.0181 2076 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:52:52.0227 2076 udfs - ok
14:52:52.0259 2076 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:52:52.0259 2076 UI0Detect - ok
14:52:52.0274 2076 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:52:52.0274 2076 uliagpkx - ok
14:52:52.0305 2076 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:52:52.0321 2076 umbus - ok
14:52:52.0337 2076 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:52:52.0368 2076 UmPass - ok
14:52:52.0383 2076 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:52:52.0415 2076 UmRdpService - ok
14:52:52.0446 2076 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:52:52.0477 2076 upnphost - ok
14:52:52.0493 2076 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:52.0508 2076 usbccgp - ok
14:52:52.0524 2076 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:52:52.0524 2076 usbcir - ok
14:52:52.0539 2076 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
14:52:52.0555 2076 usbehci - ok
14:52:52.0586 2076 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
14:52:52.0617 2076 usbhub - ok
14:52:52.0633 2076 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
14:52:52.0633 2076 usbohci - ok
14:52:52.0649 2076 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:52:52.0664 2076 usbprint - ok
14:52:52.0695 2076 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:52:52.0695 2076 usbscan - ok
14:52:52.0727 2076 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:52.0742 2076 USBSTOR - ok
14:52:52.0758 2076 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
14:52:52.0773 2076 usbuhci - ok
14:52:52.0789 2076 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:52:52.0898 2076 UxSms - ok
14:52:52.0914 2076 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:52.0929 2076 VaultSvc - ok
14:52:52.0929 2076 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:52:52.0945 2076 vdrvroot - ok
14:52:52.0992 2076 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:52:53.0023 2076 vds - ok
14:52:53.0054 2076 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:53.0070 2076 vga - ok
14:52:53.0085 2076 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:52:53.0117 2076 VgaSave - ok
14:52:53.0117 2076 VGPU - ok
14:52:53.0148 2076 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:52:53.0148 2076 vhdmp - ok
14:52:53.0163 2076 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:52:53.0179 2076 viaide - ok
14:52:53.0210 2076 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:52:53.0210 2076 vmbus - ok
14:52:53.0226 2076 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:52:53.0241 2076 VMBusHID - ok
14:52:53.0257 2076 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:52:53.0257 2076 volmgr - ok
14:52:53.0288 2076 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:52:53.0288 2076 volmgrx - ok
14:52:53.0319 2076 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:52:53.0319 2076 volsnap - ok
14:52:53.0351 2076 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:52:53.0351 2076 vsmraid - ok
14:52:53.0444 2076 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:52:53.0491 2076 VSS - ok
14:52:53.0616 2076 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:52:53.0647 2076 vwifibus - ok
14:52:53.0663 2076 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:52:53.0694 2076 vwififlt - ok
14:52:53.0741 2076 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:52:53.0756 2076 W32Time - ok
14:52:53.0772 2076 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:52:53.0803 2076 WacomPen - ok
14:52:53.0819 2076 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:53.0850 2076 WANARP - ok
14:52:53.0850 2076 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:53.0881 2076 Wanarpv6 - ok
14:52:53.0959 2076 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:52:53.0975 2076 WatAdminSvc - ok
14:52:54.0068 2076 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:52:54.0146 2076 wbengine - ok
14:52:54.0240 2076 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:52:54.0271 2076 WbioSrvc - ok
14:52:54.0302 2076 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:52:54.0333 2076 wcncsvc - ok
14:52:54.0349 2076 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:52:54.0411 2076 WcsPlugInService - ok
14:52:54.0474 2076 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:52:54.0489 2076 Wd - ok
14:52:54.0536 2076 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:52:54.0552 2076 Wdf01000 - ok
14:52:54.0567 2076 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:52:54.0677 2076 WdiServiceHost - ok
14:52:54.0677 2076 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:52:54.0708 2076 WdiSystemHost - ok
14:52:54.0723 2076 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:52:54.0755 2076 WebClient - ok
14:52:54.0770 2076 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:52:54.0817 2076 Wecsvc - ok
14:52:54.0833 2076 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:52:54.0848 2076 wercplsupport - ok
14:52:54.0864 2076 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:52:54.0895 2076 WerSvc - ok
14:52:54.0926 2076 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:52:54.0942 2076 WfpLwf - ok
14:52:54.0957 2076 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:52:54.0973 2076 WIMMount - ok
14:52:54.0973 2076 WinHttpAutoProxySvc - ok
14:52:55.0035 2076 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:52:55.0113 2076 Winmgmt - ok
14:52:55.0238 2076 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:52:55.0285 2076 WinRM - ok
14:52:55.0410 2076 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:52:55.0441 2076 WinUsb - ok
14:52:55.0784 2076 WinVNC4 (a932840d03cb606af35090f2b8e0bb85) C:\Program Files (x86)\TigerVNC\winvnc4.exe
14:52:55.0847 2076 WinVNC4 ( UnsignedFile.Multi.Generic ) - warning
14:52:55.0847 2076 WinVNC4 - detected UnsignedFile.Multi.Generic (1)
14:52:57.0266 2076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:52:57.0999 2076 \Device\Harddisk1\DR1 - ok
14:52:58.0015 2076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:52:58.0452 2076 \Device\Harddisk0\DR0 - ok
14:52:58.0467 2076 Boot (0x1200) (4bfdc8ff9330cfadbe0ee101eb26bac7) \Device\Harddisk0\DR0\Partition0
14:52:58.0467 2076 \Device\Harddisk0\DR0\Partition0 - ok
14:52:58.0483 2076 Boot (0x1200) (7ce49a498b2f5324fd2c26732b94ebe9) \Device\Harddisk0\DR0\Partition1
14:52:58.0483 2076 \Device\Harddisk0\DR0\Partition1 - ok
14:52:58.0483 2076 ============================================================
14:52:58.0483 2076 Scan finished
14:52:58.0483 2076 ============================================================
14:52:58.0483 3592 Detected object count: 6
14:52:58.0483 3592 Actual detected object count: 6
14:57:04.0105 3592 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:04.0105 3592 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:04.0105 3592 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:04.0105 3592 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:04.0105 3592 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:04.0105 3592 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:04.0105 3592 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:04.0105 3592 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:04.0105 3592 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:04.0105 3592 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:04.0105 3592 WinVNC4 ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:04.0105 3592 WinVNC4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:11.0016 1868 Deinitialize success

AswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 11:40:34
-----------------------------
11:40:34.154 OS Version: Windows x64 6.1.7601 Service Pack 1
11:40:34.154 Number of processors: 2 586 0x602
11:40:34.154 ComputerName: PC UserName:
11:40:36.588 Initialize success
11:40:57.711 AVAST engine defs: 12072500
11:41:09.006 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
11:41:09.006 Disk 0 Vendor: Maxtor_6Y120P0 YAR41BW0 Size: 117242MB BusType: 3
11:41:09.006 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
11:41:09.006 Disk 1 Vendor: SAMSUNG_SP2504C VT100-33 Size: 238475MB BusType: 3
11:41:09.177 Disk 0 MBR read successfully
11:41:09.177 Disk 0 MBR scan
11:41:09.177 Disk 0 Windows 7 default MBR code
11:41:09.193 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:41:09.208 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 117140 MB offset 206848
11:41:09.224 Disk 0 scanning C:\Windows\system32\drivers
11:41:22.406 Service scanning
11:41:43.466 Modules scanning
11:41:43.482 Disk 0 trace - called modules:
11:41:43.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:41:43.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027a1060]
11:41:43.497 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80023019b0]
11:41:43.513 5 ACPI.sys[fffff88000e627a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002680680]
11:41:45.869 AVAST engine scan C:\Windows
11:41:47.709 AVAST engine scan C:\Windows\system32
11:43:40.373 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:43:42.229 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:44:41.353 AVAST engine scan C:\Windows\system32\drivers
11:44:52.741 AVAST engine scan C:\Users\Mareks
11:46:56.340 AVAST engine scan C:\ProgramData
11:48:40.548 Scan finished successfully
11:49:18.862 Disk 0 MBR has been saved successfully to "C:\Users\Mareks\Desktop\MBR.dat"
11:49:18.878 The log file has been saved successfully to "C:\Users\Mareks\Desktop\aswMBR.txt"

TDSSKiller report from TODAY (didn't find anything and the report is twice as short, but I'm posting it anyway)

11:39:18.0790 4248 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:39:18.0931 4248 ============================================================
11:39:18.0931 4248 Current date / time: 2012/07/25 11:39:18.0931
11:39:18.0931 4248 SystemInfo:
11:39:18.0931 4248
11:39:18.0931 4248 OS Version: 6.1.7601 ServicePack: 1.0
11:39:18.0931 4248 Product type: Workstation
11:39:18.0931 4248 ComputerName: PC
11:39:18.0931 4248 UserName: Mareks
11:39:18.0931 4248 Windows directory: C:\Windows
11:39:18.0931 4248 System windows directory: C:\Windows
11:39:18.0931 4248 Running under WOW64
11:39:18.0931 4248 Processor architecture: Intel x64
11:39:18.0931 4248 Number of processors: 2
11:39:18.0931 4248 Page size: 0x1000
11:39:18.0931 4248 Boot type: Normal boot
11:39:18.0931 4248 ============================================================
11:39:20.0069 4248 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:39:20.0085 4248 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FAE7E00 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3E08, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:39:20.0085 4248 ============================================================
11:39:20.0085 4248 \Device\Harddisk1\DR1:
11:39:20.0101 4248 MBR partitions:
11:39:20.0101 4248 \Device\Harddisk0\DR0:
11:39:20.0101 4248 MBR partitions:
11:39:20.0101 4248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:39:20.0101 4248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4CA000
11:39:20.0101 4248 ============================================================
11:39:20.0132 4248 C: <-> \Device\Harddisk0\DR0\Partition1
11:39:20.0132 4248 ============================================================
11:39:20.0132 4248 Initialize success
11:39:20.0132 4248 ============================================================
11:39:23.0283 2928 ============================================================
11:39:23.0283 2928 Scan started
11:39:23.0283 2928 Mode: Manual;
11:39:23.0283 2928 ============================================================
11:39:38.0540 2928 exfat - ok
11:39:38.0571 2928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:39:38.0587 2928 fastfat - ok
11:39:38.0790 2928 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:39:38.0852 2928 Fax - ok
11:39:38.0868 2928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:39:38.0883 2928 fdc - ok
11:39:38.0914 2928 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:39:38.0914 2928 fdPHost - ok
11:39:38.0977 2928 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:39:38.0992 2928 FDResPub - ok
11:39:39.0024 2928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:39:39.0039 2928 FileInfo - ok
11:39:39.0055 2928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:39:39.0070 2928 Filetrace - ok
11:39:39.0070 2928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:39:39.0133 2928 flpydisk - ok
11:39:39.0148 2928 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:39:39.0164 2928 FltMgr - ok
11:39:39.0570 2928 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
11:39:39.0632 2928 FontCache - ok
11:39:39.0866 2928 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:39:39.0882 2928 FontCache3.0.0.0 - ok
11:39:40.0038 2928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:39:40.0053 2928 FsDepends - ok
11:39:40.0084 2928 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:39:40.0084 2928 Fs_Rec - ok
11:39:40.0162 2928 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:39:40.0178 2928 fvevol - ok
11:39:40.0209 2928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:39:40.0209 2928 gagp30kx - ok
11:39:40.0272 2928 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:39:40.0318 2928 gpsvc - ok
11:39:40.0428 2928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:39:40.0459 2928 hcw85cir - ok
11:39:40.0521 2928 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:39:40.0537 2928 HdAudAddService - ok
11:39:40.0568 2928 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:39:40.0584 2928 HDAudBus - ok
11:39:40.0599 2928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:39:40.0599 2928 HidBatt - ok
11:39:40.0615 2928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:39:40.0630 2928 HidBth - ok
11:39:40.0646 2928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:39:40.0662 2928 HidIr - ok
11:39:40.0693 2928 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:39:40.0693 2928 hidserv - ok
11:39:40.0740 2928 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:39:40.0755 2928 HidUsb - ok
11:39:40.0771 2928 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:39:40.0786 2928 hkmsvc - ok
11:39:40.0880 2928 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:39:40.0896 2928 HomeGroupListener - ok
11:39:40.0974 2928 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:39:40.0974 2928 HomeGroupProvider - ok
11:39:41.0176 2928 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:39:41.0208 2928 hpqcxs08 - ok
11:39:41.0223 2928 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:39:41.0239 2928 hpqddsvc - ok
11:39:41.0270 2928 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:39:41.0286 2928 HpSAMD - ok
11:39:41.0348 2928 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:39:41.0364 2928 HPSLPSVC - ok
11:39:41.0426 2928 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:39:41.0442 2928 HTTP - ok
11:39:41.0457 2928 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:39:41.0457 2928 hwpolicy - ok
11:39:41.0488 2928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:39:41.0488 2928 i8042prt - ok
11:39:41.0520 2928 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
11:39:41.0535 2928 iaStorV - ok
11:39:41.0676 2928 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:39:41.0691 2928 idsvc - ok
11:39:41.0722 2928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:39:41.0722 2928 iirsp - ok
11:39:41.0800 2928 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:39:41.0832 2928 IKEEXT - ok
11:39:41.0863 2928 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:39:41.0863 2928 intelide - ok
11:39:41.0894 2928 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:39:41.0894 2928 intelppm - ok
11:39:41.0910 2928 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:39:41.0910 2928 IPBusEnum - ok
11:39:41.0925 2928 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:41.0941 2928 IpFilterDriver - ok
11:39:42.0019 2928 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:39:42.0066 2928 iphlpsvc - ok
11:39:42.0081 2928 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:39:42.0081 2928 IPMIDRV - ok
11:39:42.0144 2928 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:39:42.0159 2928 IPNAT - ok
11:39:42.0190 2928 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:39:42.0206 2928 IRENUM - ok
11:39:42.0222 2928 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:39:42.0222 2928 isapnp - ok
11:39:42.0268 2928 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:39:42.0284 2928 iScsiPrt - ok
11:39:42.0315 2928 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:39:42.0331 2928 kbdclass - ok
11:39:42.0362 2928 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:39:42.0378 2928 kbdhid - ok
11:39:42.0409 2928 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:42.0424 2928 KeyIso - ok
11:39:42.0440 2928 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:39:42.0456 2928 KSecDD - ok
11:39:42.0471 2928 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:39:42.0487 2928 KSecPkg - ok
11:39:42.0502 2928 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:39:42.0518 2928 ksthunk - ok
11:39:42.0596 2928 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:39:42.0612 2928 KtmRm - ok
11:39:42.0658 2928 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:39:42.0690 2928 LanmanServer - ok
11:39:42.0721 2928 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:39:42.0736 2928 LanmanWorkstation - ok
11:39:42.0799 2928 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:39:42.0799 2928 lltdio - ok
11:39:42.0814 2928 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:39:42.0830 2928 lltdsvc - ok
11:39:42.0846 2928 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:39:42.0861 2928 lmhosts - ok
11:39:42.0892 2928 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:39:42.0892 2928 LSI_FC - ok
11:39:42.0908 2928 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:39:42.0924 2928 LSI_SAS - ok
11:39:42.0939 2928 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:39:42.0939 2928 LSI_SAS2 - ok
11:39:42.0955 2928 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:39:42.0955 2928 LSI_SCSI - ok
11:39:42.0986 2928 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:39:42.0986 2928 luafv - ok
11:39:43.0033 2928 massfilter (b5e86524918ef32b32d1032e0c8e92a3) C:\Windows\system32\DRIVERS\massfilter.sys
11:39:43.0033 2928 massfilter - ok
11:39:43.0048 2928 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:39:43.0048 2928 MBAMProtector - ok
11:39:43.0189 2928 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:39:43.0189 2928 MBAMService - ok
11:39:43.0220 2928 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:39:43.0220 2928 Mcx2Svc - ok
11:39:43.0236 2928 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:39:43.0236 2928 megasas - ok
11:39:43.0282 2928 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:39:43.0298 2928 MegaSR - ok
11:39:43.0345 2928 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:39:43.0345 2928 Microsoft Office Groove Audit Service - ok
11:39:43.0376 2928 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:39:43.0376 2928 MMCSS - ok
11:39:43.0392 2928 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:39:43.0392 2928 Modem - ok
11:39:43.0423 2928 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:39:43.0423 2928 monitor - ok
11:39:43.0454 2928 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:39:43.0470 2928 mouclass - ok
11:39:43.0532 2928 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:39:43.0532 2928 mouhid - ok
11:39:43.0548 2928 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:39:43.0563 2928 mountmgr - ok
11:39:43.0641 2928 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:39:43.0641 2928 MozillaMaintenance - ok
11:39:43.0657 2928 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:39:43.0672 2928 mpio - ok
11:39:43.0688 2928 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:39:43.0704 2928 mpsdrv - ok
11:39:43.0719 2928 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:39:43.0735 2928 MRxDAV - ok
11:39:43.0766 2928 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:43.0782 2928 mrxsmb - ok
11:39:43.0797 2928 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:43.0813 2928 mrxsmb10 - ok
11:39:43.0828 2928 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:43.0844 2928 mrxsmb20 - ok
11:39:43.0860 2928 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:39:43.0875 2928 msahci - ok
11:39:43.0906 2928 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:39:43.0906 2928 msdsm - ok
11:39:43.0938 2928 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:39:43.0953 2928 MSDTC - ok
11:39:43.0984 2928 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:39:44.0000 2928 Msfs - ok
11:39:44.0047 2928 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:39:44.0047 2928 mshidkmdf - ok
11:39:44.0062 2928 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:39:44.0062 2928 msisadrv - ok
11:39:44.0094 2928 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:39:44.0109 2928 MSiSCSI - ok
11:39:44.0109 2928 msiserver - ok
11:39:44.0156 2928 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:39:44.0156 2928 MSKSSRV - ok
11:39:44.0172 2928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:44.0172 2928 MSPCLOCK - ok
11:39:44.0187 2928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:39:44.0187 2928 MSPQM - ok
11:39:44.0218 2928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:39:44.0234 2928 MsRPC - ok
11:39:44.0250 2928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:39:44.0265 2928 mssmbios - ok
11:39:44.0265 2928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:39:44.0265 2928 MSTEE - ok
11:39:44.0281 2928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:39:44.0296 2928 MTConfig - ok
11:39:44.0312 2928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:39:44.0312 2928 Mup - ok
11:39:44.0359 2928 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:39:44.0374 2928 napagent - ok
11:39:44.0421 2928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:39:44.0437 2928 NativeWifiP - ok
11:39:44.0499 2928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:39:44.0530 2928 NDIS - ok
11:39:44.0546 2928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:44.0562 2928 NdisCap - ok
11:39:44.0593 2928 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:44.0593 2928 NdisTapi - ok
11:39:44.0624 2928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:44.0624 2928 Ndisuio - ok
11:39:44.0655 2928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:44.0671 2928 NdisWan - ok
11:39:44.0686 2928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:39:44.0702 2928 NDProxy - ok
11:39:44.0733 2928 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
11:39:44.0733 2928 Net Driver HPZ12 - ok
11:39:44.0749 2928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:39:44.0764 2928 NetBIOS - ok
11:39:44.0796 2928 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:39:44.0796 2928 NetBT - ok
11:39:44.0827 2928 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:44.0827 2928 Netlogon - ok
11:39:44.0874 2928 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:39:44.0889 2928 Netman - ok
11:39:45.0030 2928 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:45.0030 2928 NetMsmqActivator - ok
11:39:45.0045 2928 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:45.0045 2928 NetPipeActivator - ok
11:39:45.0108 2928 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:39:45.0123 2928 netprofm - ok
11:39:45.0217 2928 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
11:39:45.0232 2928 netr7364 - ok
11:39:45.0264 2928 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:45.0264 2928 NetTcpActivator - ok
11:39:45.0264 2928 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:45.0264 2928 NetTcpPortSharing - ok
11:39:45.0310 2928 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:39:45.0310 2928 nfrd960 - ok
11:39:45.0576 2928 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:39:45.0607 2928 NlaSvc - ok
11:39:45.0622 2928 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:39:45.0622 2928 Npfs - ok
11:39:45.0638 2928 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:39:45.0638 2928 nsi - ok
11:39:45.0669 2928 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:39:45.0669 2928 nsiproxy - ok
11:39:45.0778 2928 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
11:39:45.0825 2928 Ntfs - ok
11:39:45.0950 2928 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:39:45.0950 2928 Null - ok
11:39:46.0699 2928 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:39:47.0167 2928 nvlddmkm - ok
11:39:47.0245 2928 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
11:39:47.0245 2928 nvraid - ok
11:39:47.0276 2928 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
11:39:47.0292 2928 nvstor - ok
11:39:47.0370 2928 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
11:39:47.0401 2928 nvsvc - ok
11:39:47.0432 2928 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:39:47.0448 2928 nv_agp - ok
11:39:47.0572 2928 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:39:47.0588 2928 odserv - ok
11:39:47.0604 2928 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:39:47.0604 2928 ohci1394 - ok
11:39:47.0666 2928 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:39:47.0682 2928 ose - ok
11:39:47.0728 2928 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:39:47.0744 2928 p2pimsvc - ok
11:39:47.0791 2928 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:39:47.0806 2928 p2psvc - ok
11:39:47.0884 2928 PAC207 (9e2e0723a36e4fdaa6b5e49fbfc0f859) C:\Windows\system32\DRIVERS\PFC027.SYS
11:39:47.0900 2928 PAC207 - ok
11:39:47.0916 2928 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:39:47.0931 2928 Parport - ok
11:39:47.0947 2928 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:39:47.0947 2928 partmgr - ok
11:39:47.0978 2928 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:39:47.0978 2928 PcaSvc - ok
11:39:48.0009 2928 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:39:48.0009 2928 pci - ok
11:39:48.0025 2928 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:39:48.0025 2928 pciide - ok
11:39:48.0056 2928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:39:48.0072 2928 pcmcia - ok
11:39:48.0087 2928 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:39:48.0134 2928 pcw - ok
11:39:48.0181 2928 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:39:48.0196 2928 PEAUTH - ok
11:39:48.0274 2928 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:39:48.0306 2928 PeerDistSvc - ok
11:39:48.0384 2928 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:39:48.0399 2928 PerfHost - ok
11:39:48.0540 2928 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:39:48.0586 2928 pla - ok
11:39:48.0649 2928 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:39:48.0664 2928 PlugPlay - ok
11:39:48.0711 2928 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
11:39:48.0727 2928 Pml Driver HPZ12 - ok
11:39:48.0758 2928 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:39:48.0774 2928 PNRPAutoReg - ok
11:39:48.0805 2928 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:39:48.0820 2928 PNRPsvc - ok
11:39:48.0867 2928 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:39:48.0883 2928 PolicyAgent - ok
11:39:48.0930 2928 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:39:48.0930 2928 Power - ok
11:39:49.0008 2928 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:39:49.0008 2928 PptpMiniport - ok
11:39:49.0054 2928 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:39:49.0054 2928 Processor - ok
11:39:49.0148 2928 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:39:49.0164 2928 ProfSvc - ok
11:39:49.0195 2928 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:49.0195 2928 ProtectedStorage - ok
11:39:49.0226 2928 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:39:49.0242 2928 Psched - ok
11:39:49.0320 2928 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:39:49.0366 2928 ql2300 - ok
11:39:49.0460 2928 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:39:49.0460 2928 ql40xx - ok
11:39:49.0491 2928 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:39:49.0491 2928 QWAVE - ok
11:39:49.0522 2928 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:39:49.0522 2928 QWAVEdrv - ok
11:39:49.0538 2928 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:39:49.0538 2928 RasAcd - ok
11:39:49.0585 2928 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:39:49.0585 2928 RasAgileVpn - ok
11:39:49.0600 2928 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:39:49.0600 2928 RasAuto - ok
11:39:49.0616 2928 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:39:49.0632 2928 Rasl2tp - ok
11:39:49.0647 2928 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:39:49.0663 2928 RasMan - ok
11:39:49.0694 2928 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:39:49.0694 2928 RasPppoe - ok
11:39:49.0741 2928 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:39:49.0741 2928 RasSstp - ok
11:39:49.0788 2928 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:39:49.0803 2928 rdbss - ok
11:39:49.0819 2928 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:39:49.0819 2928 rdpbus - ok
11:39:49.0850 2928 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:39:49.0850 2928 RDPCDD - ok
11:39:49.0897 2928 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:39:49.0912 2928 RDPDR - ok
11:39:49.0928 2928 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:39:49.0928 2928 RDPENCDD - ok
11:39:49.0944 2928 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:39:49.0944 2928 RDPREFMP - ok
11:39:49.0975 2928 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
11:39:49.0990 2928 RdpVideoMiniport - ok
11:39:50.0006 2928 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:39:50.0022 2928 RDPWD - ok
11:39:50.0068 2928 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:39:50.0084 2928 rdyboost - ok
11:39:50.0178 2928 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:39:50.0178 2928 RemoteAccess - ok
11:39:50.0209 2928 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:39:50.0224 2928 RemoteRegistry - ok
11:39:50.0287 2928 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
11:39:50.0287 2928 RivaTuner64 - ok
11:39:50.0302 2928 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:39:50.0318 2928 RpcEptMapper - ok
11:39:50.0349 2928 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:39:50.0349 2928 RpcLocator - ok
11:39:50.0380 2928 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:39:50.0380 2928 RpcSs - ok
11:39:50.0412 2928 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:39:50.0412 2928 rspndr - ok
11:39:50.0458 2928 RTL8023x64 (68dd0457d18fccef7384ae84022f0c86) C:\Windows\system32\DRIVERS\Rtnic64.sys
11:39:50.0474 2928 RTL8023x64 - ok
11:39:50.0521 2928 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:39:50.0521 2928 RTL8167 - ok
11:39:50.0552 2928 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:39:50.0552 2928 s3cap - ok
11:39:50.0599 2928 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:39:50.0599 2928 SamSs - ok
11:39:50.0614 2928 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:39:50.0630 2928 sbp2port - ok
11:39:50.0646 2928 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:39:50.0661 2928 SCardSvr - ok
11:39:50.0677 2928 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:39:50.0692 2928 scfilter - ok
11:39:50.0802 2928 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:39:50.0880 2928 Schedule - ok
11:39:50.0926 2928 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:39:50.0926 2928 SCPolicySvc - ok
11:39:51.0020 2928 ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
11:39:51.0020 2928 ScreamBAudioSvc - ok
11:39:51.0051 2928 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:39:51.0098 2928 SDRSVC - ok
11:39:51.0176 2928 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:39:51.0176 2928 secdrv - ok
11:39:51.0192 2928 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:39:51.0207 2928 seclogon - ok
11:39:51.0223 2928 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:39:51.0223 2928 SENS - ok
11:39:51.0238 2928 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:39:51.0254 2928 SensrSvc - ok
11:39:51.0270 2928 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:39:51.0270 2928 Serenum - ok
11:39:51.0301 2928 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:39:51.0301 2928 Serial - ok
11:39:51.0332 2928 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:39:51.0348 2928 sermouse - ok
11:39:51.0363 2928 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:39:51.0363 2928 SessionEnv - ok
11:39:51.0379 2928 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:39:51.0394 2928 sffdisk - ok
11:40:00.0692 2928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:40:00.0708 2928 \Device\Harddisk1\DR1 - ok
11:40:00.0723 2928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:40:01.0160 2928 \Device\Harddisk0\DR0 - ok
11:40:01.0160 2928 Boot (0x1200) (4bfdc8ff9330cfadbe0ee101eb26bac7) \Device\Harddisk0\DR0\Partition0
11:40:01.0176 2928 \Device\Harddisk0\DR0\Partition0 - ok
11:40:01.0176 2928 Boot (0x1200) (7ce49a498b2f5324fd2c26732b94ebe9) \Device\Harddisk0\DR0\Partition1
11:40:01.0176 2928 \Device\Harddisk0\DR0\Partition1 - ok
11:40:01.0176 2928 ============================================================
11:40:01.0176 2928 Scan finished
11:40:01.0176 2928 ============================================================
11:40:01.0191 3508 Detected object count: 0
11:40:01.0191 3508 Actual detected object count: 0
11:40:28.0366 4744 Deinitialize success

#6 gringo_pr


Posted 25 July 2012 - 02:24 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 Marekso


Posted 25 July 2012 - 03:35 PM

Here is the report from ComboFix (it's still showing me that I have a UK IP when I look at whatismyipaddress), but I think the redirect problem has so far seemed to be fixed:



ComboFix 12-07-25.04 - User 07/25/2012 23:19:16.1.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2046.1205 [GMT 3:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\User\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\L\00000004.@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\L\201d3dde
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\U\00000004.@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\U\00000008.@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\U\000000cb.@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\U\80000000.@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\U\80000032.@
c:\windows\Installer\{e0c28785-7c4c-1218-5c83-c7376a929379}\U\80000064.@
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmp1E18.tmp
c:\windows\SysWow64\tmp1E57.tmp
c:\windows\SysWow64\tmp978D.tmp
c:\windows\SysWow64\tmp97CC.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 20:24 . 2012-07-25 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 10:04 . 2012-07-24 10:04 -------- d-----w- C:\_OTL
2012-07-23 09:22 . 2012-07-23 09:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 13:04 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-21 12:31 . 2012-07-24 13:33 -------- d-----w- c:\users\Mareks
2012-07-19 14:33 . 2012-07-25 10:28 -------- d-----r- c:\users\User\Dropbox
2012-07-19 14:30 . 2012-07-25 17:11 -------- d-----w- c:\users\User\AppData\Roaming\Dropbox
2012-07-13 15:06 . 2012-07-13 15:06 -------- d-----w- c:\users\User\AppData\Roaming\PDAppFlex
2012-07-13 14:48 . 2012-07-13 14:48 -------- d-----w- c:\programdata\Blumentals
2012-07-13 14:48 . 2012-07-13 14:48 -------- d-----w- c:\program files (x86)\Easy GIF Animator
2012-07-02 23:37 . 2012-07-02 23:37 -------- d-----w- c:\program files (x86)\Citrix
2012-07-01 20:21 . 2012-07-01 20:23 -------- d-----w- c:\users\User\AppData\Roaming\Mnemosyne
2012-07-01 20:20 . 2012-07-01 20:21 -------- d-----w- c:\users\User\.matplotlib
2012-07-01 20:18 . 2012-07-21 13:13 -------- d-----w- c:\program files (x86)\Mnemosyne
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 10:39 . 2012-04-17 07:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 10:39 . 2012-01-31 16:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-07 23:46 . 2012-06-20 00:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28468B0A-F74E-4347-9398-88DAE6C65D90}\offreg.dll
2012-05-31 22:24 . 2012-05-31 19:03 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-31 22:24 . 2012-05-31 19:03 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-31 22:24 . 2012-05-31 19:03 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-31 22:24 . 2012-05-31 19:03 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 11776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-01-31 19952]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 167424]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 150784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-31 283200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 10:39]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3202078163-775076453-767759930-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 15:02]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3202078163-775076453-767759930-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 15:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 80.232.230.242 195.122.12.242
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1n36rbfj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.humandemand.com/inventory/list-campaigns/
FF - prefs.js: network.proxy.ftp - 79.125.111.150
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.http - 79.125.111.150
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - 79.125.111.150
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - 79.125.111.150
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*D*T*›ķSJ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*w*Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*’Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*ū­^\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*PžvL\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*m*e*l*_*a*k*a*i*-*b*e*e*p*_*b*e*e*p*_*w*Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*m*e*l*_*a*k*a*i*-*b*e*e*p*_*b*e*e*p*_*’Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*r*i*c*o*_*b*e*r*n*a*s*c*o*n*i*-*g*a*n*g*s*t*a*s*_*p*a*r*a*d*Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*r*i*c*o*_*b*e*r*n*a*s*c*o*n*i*-*g*a*n*g*s*t*a*s*_*p*a*r*a*d*’Ģ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8"!]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8"!\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3202078163-775076453-767759930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*8"!]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,55,73,65,72,5c,44,65,73,6b,74,6f,70,5c,4d,
75,73,69,63,5c,44,4a,20,46,72,65,73,68,20,2d,20,47,6f,6c,64,20,44,75,73,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-25 23:29:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 20:29
.
Pre-Run: 3,458,195,456 bytes free
Post-Run: 5,968,027,648 bytes free
.
- - End Of File - - 6947BA8BCC5756B7F3BC00E3D1849B96

#8 gringo_pr

Posted 25 July 2012 - 03:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Marekso

Posted 25 July 2012 - 06:27 PM

Hi, I did what you asked and have provided the report below, and it looks like there are no more redirects, BUT there is still one more problem that really worries me: the fact that it is showing me the wrong IP and that I'm from the UK. I know my IP should begin with 4x.xx.xx.xx but instead it does with 9x.xx.xxx.xx, and plus it shows me that I'm in Leeds, UK, although it should show Riga, Latvia...

I even got asked to change my internet banking password today when I tried to log in to my Latvian internet banking, but I'm sure I haven't set any proxies up for myself which could be causing this... any ideas?


HERE'S THE NEW COMBOFIX REPORT BTW:



ComboFix 12-07-26.04 - Mareks 012.07.26. 2:10.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.2046.1191 [GMT 3:00]
Running from: c:\users\Mareks\Desktop\ComboFix.exe
Command switches used :: c:\users\Mareks\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 23:16 . 2012-07-25 23:16 -------- d-----w- c:\users\User\AppData\Local\temp
2012-07-25 23:16 . 2012-07-25 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 12:56 . 2012-07-24 12:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 12:56 . 2012-07-24 12:56 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 12:56 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 10:04 . 2012-07-24 10:04 -------- d-----w- C:\_OTL
2012-07-23 09:22 . 2012-07-23 09:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 13:04 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-21 12:31 . 2012-07-24 13:33 -------- d-----w- c:\users\Mareks
2012-07-19 14:33 . 2012-07-25 10:28 -------- d-----r- c:\users\User\Dropbox
2012-07-19 14:30 . 2012-07-25 17:11 -------- d-----w- c:\users\User\AppData\Roaming\Dropbox
2012-07-13 15:06 . 2012-07-13 15:06 -------- d-----w- c:\users\User\AppData\Roaming\PDAppFlex
2012-07-13 14:48 . 2012-07-13 14:48 -------- d-----w- c:\programdata\Blumentals
2012-07-13 14:48 . 2012-07-13 14:48 -------- d-----w- c:\program files (x86)\Easy GIF Animator
2012-07-02 23:37 . 2012-07-02 23:37 -------- d-----w- c:\program files (x86)\Citrix
2012-07-01 20:21 . 2012-07-01 20:23 -------- d-----w- c:\users\User\AppData\Roaming\Mnemosyne
2012-07-01 20:20 . 2012-07-01 20:21 -------- d-----w- c:\users\User\.matplotlib
2012-07-01 20:18 . 2012-07-21 13:13 -------- d-----w- c:\program files (x86)\Mnemosyne
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 10:39 . 2012-04-17 07:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 10:39 . 2012-01-31 16:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-07 23:46 . 2012-06-20 00:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28468B0A-F74E-4347-9398-88DAE6C65D90}\offreg.dll
2012-05-31 22:24 . 2012-05-31 19:03 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-31 22:24 . 2012-05-31 19:03 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-31 22:24 . 2012-05-31 19:03 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-31 22:24 . 2012-05-31 19:03 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_20.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-25 23:19 46064 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 23:19 42340 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-01-31 16:25 . 2012-07-25 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-31 16:25 . 2012-07-25 23:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-31 16:25 . 2012-07-25 23:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-31 16:25 . 2012-07-25 17:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-31 16:25 . 2012-07-25 17:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-31 16:25 . 2012-07-25 23:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-31 16:25 . 2012-07-25 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-31 16:25 . 2012-07-25 23:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-31 16:25 . 2012-07-25 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-31 16:25 . 2012-07-25 23:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-22 06:38 . 2012-07-25 23:19 3268 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3202078163-775076453-767759930-1003_UserData.bin
+ 2012-07-25 23:17 . 2012-07-25 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-25 20:25 . 2012-07-25 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-25 20:25 . 2012-07-25 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-25 23:17 . 2012-07-25 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-25 20:09 390744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-25 23:16 390744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-07-21 18:55 . 2012-07-25 20:09 9767352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3202078163-775076453-767759930-1003-12288.dat
+ 2012-07-21 18:55 . 2012-07-25 23:16 9767352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3202078163-775076453-767759930-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mareks\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-01-31 19952]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 167424]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 150784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-31 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 10:39]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3202078163-775076453-767759930-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 15:02]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3202078163-775076453-767759930-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 15:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.232.230.242 195.122.12.242
FF - ProfilePath - c:\users\Mareks\AppData\Roaming\Mozilla\Firefox\Profiles\qgluk588.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TigerVNC\winvnc4.exe
.
**************************************************************************
.
Completion time: 2012-07-26 02:22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 23:22
ComboFix2.txt 2012-07-25 20:29
.
Pre-Run: 5 734 129 664 bytes free
Post-Run: 5 661 204 480 bytes free
.
- - End Of File - - A1B74971214C84E7BB09C9BC05021EF9

#10 gringo_pr

Posted 25 July 2012 - 08:22 PM

Hello

Where do you see the IP address? The ones I see are 80.232.230.242 and 195.122.12.242,

and these point to Latvia (LV) in the region Eastern Europe.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Marekso

Posted 26 July 2012 - 02:20 AM

Hi, I see the IP when I go to any of the "what is my ip" websites while searching on Google; all of them show me that I have an IP of 91.105.14.190


HERE ARE THE LOGS FROM THE OTL:


OTL logfile created on: 2012.07.26. 10:11:19 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Mareks\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,20% Memory free
4,00 Gb Paging File | 3,04 Gb Available in Paging File | 76,08% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,39 Gb Total Space | 6,02 Gb Free Space | 5,26% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 13,58 Gb Free Space | 5,83% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Mareks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mareks\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TigerVNC\winvnc4.exe (TigerVNC Project)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinVNC4) -- C:\Program Files (x86)\TigerVNC\winvnc4.exe (TigerVNC Project)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (ssm_mdm) -- C:\Windows\SysNative\drivers\ssm_mdm.sys (MCCI Corporation)
DRV:64bit: - (ssm_bus) -- C:\Windows\SysNative\drivers\ssm_bus.sys (MCCI Corporation)
DRV:64bit: - (ssm_mdfl) -- C:\Windows\SysNative\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (anvsnddrv) -- C:\Windows\SysNative\drivers\anvsnddrv.sys (AnvSoft Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3202078163-775076453-767759930-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lv
IE - HKU\S-1-5-21-3202078163-775076453-767759930-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 B3 41 24 41 67 CD 01 [binary data]
IE - HKU\S-1-5-21-3202078163-775076453-767759930-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3202078163-775076453-767759930-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3202078163-775076453-767759930-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.10 15:15:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 16:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.07.21 16:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareks\AppData\Roaming\Mozilla\Extensions
[2012.07.21 16:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.14 03:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 03:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 03:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012.07.26 02:18:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 12
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3202078163-775076453-767759930-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3202078163-775076453-767759930-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3202078163-775076453-767759930-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.232.230.242 195.122.12.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B62DA1-2273-4BF6-902A-FC84E60118E4}: DhcpNameServer = 80.232.230.242 195.122.12.242
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 10:10:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mareks\Desktop\OTL.exe
[2012.07.26 10:08:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.25 23:29:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.25 23:29:46 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\temp
[2012.07.25 23:16:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.25 23:16:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.25 23:16:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.25 11:38:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mareks\Desktop\aswMBR.exe
[2012.07.25 11:38:21 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mareks\Desktop\tdsskiller.exe
[2012.07.25 10:48:39 | 004,719,627 | R--- | C] (Swearware) -- C:\Users\Mareks\Desktop\ComboFix.exe
[2012.07.24 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\FileZilla
[2012.07.24 16:33:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mareks\Desktop\dds.scr
[2012.07.24 15:56:19 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Malwarebytes
[2012.07.24 15:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 15:56:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.24 15:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 15:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 14:57:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.24 14:57:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.24 13:04:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.23 18:16:38 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\vlc
[2012.07.23 12:22:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.22 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\NVIDIA
[2012.07.21 17:51:35 | 000,000,000 | ---D | C] -- C:\Users\Mareks\Desktop\RIPPED FROM WHATRUNSWHERE
[2012.07.21 16:39:33 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Macromedia
[2012.07.21 16:23:40 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Producteev, Inc
[2012.07.21 16:23:25 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Deployment
[2012.07.21 16:18:00 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Mozilla
[2012.07.21 16:16:10 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Mnemosyne
[2012.07.21 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Mareks\.matplotlib
[2012.07.21 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Mozilla
[2012.07.21 16:10:44 | 000,000,000 | ---D | C] -- C:\Users\Mareks\Desktop\HD
[2012.07.21 16:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Foxit Software
[2012.07.21 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\WinRAR
[2012.07.21 16:06:01 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Apps
[2012.07.21 15:59:36 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Skype
[2012.07.21 15:33:12 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Adobe
[2012.07.21 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Adobe
[2012.07.21 15:32:44 | 000,000,000 | R--D | C] -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.21 15:32:44 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Searches
[2012.07.21 15:32:44 | 000,000,000 | R--D | C] -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.21 15:32:44 | 000,000,000 | -H-D | C] -- C:\Users\Mareks\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.07.21 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Identities
[2012.07.21 15:32:27 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Contacts
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\AppData\Local\Temporary Internet Files
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Templates
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Start Menu
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\SendTo
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Recent
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\PrintHood
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\NetHood
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Documents\My Videos
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Documents\My Pictures
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Documents\My Music
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\My Documents
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Local Settings
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\AppData\Local\History
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Cookies
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\Application Data
[2012.07.21 15:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Mareks\AppData\Local\Application Data
[2012.07.21 15:31:53 | 000,000,000 | --SD | C] -- C:\Users\Mareks\AppData\Roaming\Microsoft
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Videos
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Saved Games
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Pictures
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Music
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Links
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Favorites
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Downloads
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Documents
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\Desktop
[2012.07.21 15:31:53 | 000,000,000 | R--D | C] -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.21 15:31:53 | 000,000,000 | -H-D | C] -- C:\Users\Mareks\AppData
[2012.07.21 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Microsoft Help
[2012.07.21 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Local\Microsoft
[2012.07.21 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Media Center Programs
[2012.07.21 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mareks\AppData\Roaming\Macromedia
[2012.07.13 17:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Blumentals
[2012.07.13 17:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator
[2012.07.13 17:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy GIF Animator
[2012.07.03 02:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012.07.01 23:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mnemosyne
[2012.07.01 23:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mnemosyne

========== Files - Modified Within 30 Days ==========

[2012.07.26 10:10:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mareks\Desktop\OTL.exe
[2012.07.26 10:07:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.26 10:06:49 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3202078163-775076453-767759930-1000UA.job
[2012.07.26 10:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 02:26:20 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 02:26:20 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 02:18:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 02:18:13 | 000,000,426 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.07.26 02:17:39 | 1608,687,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 02:17:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3202078163-775076453-767759930-1000Core.job
[2012.07.26 02:09:00 | 004,719,627 | R--- | M] (Swearware) -- C:\Users\Mareks\Desktop\ComboFix.exe
[2012.07.26 02:08:16 | 000,001,436 | ---- | M] () -- C:\Users\Mareks\Desktop\ComboFix.exe - Shortcut.lnk
[2012.07.25 11:49:18 | 000,000,512 | ---- | M] () -- C:\Users\Mareks\Desktop\MBR.dat
[2012.07.25 11:39:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mareks\Desktop\aswMBR.exe
[2012.07.25 11:38:27 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mareks\Desktop\tdsskiller.exe
[2012.07.25 11:01:53 | 001,012,656 | ---- | M] () -- C:\Users\Mareks\Desktop\rkill.exe
[2012.07.25 10:43:49 | 000,881,494 | ---- | M] () -- C:\Users\Mareks\Desktop\SecurityCheck.exe
[2012.07.24 20:55:38 | 000,110,842 | ---- | M] () -- C:\Users\Mareks\Desktop\leadbolthotspot1.png
[2012.07.24 17:22:36 | 029,739,276 | ---- | M] () -- C:\Users\Mareks\Documents\VIDEO 6 - TRACKING CONVERSIONS.mp4
[2012.07.24 16:39:58 | 000,003,083 | ---- | M] () -- C:\Users\Mareks\Desktop\Attach.zip
[2012.07.24 16:34:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mareks\Desktop\dds.scr
[2012.07.24 16:33:34 | 000,000,000 | ---- | M] () -- C:\Users\Mareks\defogger_reenable
[2012.07.24 16:01:25 | 000,000,173 | ---- | M] () -- C:\Users\Mareks\Desktop\test.bat
[2012.07.24 15:56:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 13:39:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.23 13:39:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.21 16:23:40 | 000,000,414 | ---- | M] () -- C:\Users\Mareks\Desktop\Producteev For Windows.appref-ms
[2012.07.21 16:15:22 | 000,001,952 | ---- | M] () -- C:\Users\Mareks\Desktop\PRBuzz.lnk
[2012.07.21 16:12:33 | 000,001,138 | ---- | M] () -- C:\Users\Mareks\Desktop\Dropbox.lnk
[2012.07.21 16:09:34 | 000,001,969 | ---- | M] () -- C:\Users\Mareks\Desktop\Dreamweave.lnk
[2012.07.21 16:08:47 | 000,001,810 | ---- | M] () -- C:\Users\Mareks\Desktop\Photoshop.lnk
[2012.07.21 16:07:28 | 000,002,023 | ---- | M] () -- C:\Users\Mareks\Desktop\US Proxy + Landing Page Tester.lnk
[2012.07.21 16:07:12 | 000,001,957 | ---- | M] () -- C:\Users\Mareks\Desktop\StackThatMoney.lnk
[2012.07.21 16:04:31 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.21 16:02:46 | 000,001,437 | ---- | M] () -- C:\Users\Mareks\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.07.20 13:28:54 | 000,032,912 | ---- | M] () -- C:\Users\Mareks\Desktop\TOP 10 OFFER KissMyAds Ltd. 2012_07_20.pdf
[2012.07.18 00:32:49 | 000,785,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 00:32:49 | 000,656,454 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 00:32:49 | 000,122,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.03 14:53:22 | 000,599,692 | ---- | M] () -- C:\Users\Mareks\Desktop\airpushguide.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.07.26 02:08:16 | 000,001,436 | ---- | C] () -- C:\Users\Mareks\Desktop\ComboFix.exe - Shortcut.lnk
[2012.07.25 23:16:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.25 23:16:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.25 23:16:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.25 23:16:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.25 23:16:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.25 11:49:18 | 000,000,512 | ---- | C] () -- C:\Users\Mareks\Desktop\MBR.dat
[2012.07.25 11:01:40 | 001,012,656 | ---- | C] () -- C:\Users\Mareks\Desktop\rkill.exe
[2012.07.25 10:43:42 | 000,881,494 | ---- | C] () -- C:\Users\Mareks\Desktop\SecurityCheck.exe
[2012.07.24 20:55:30 | 000,110,842 | ---- | C] () -- C:\Users\Mareks\Desktop\leadbolthotspot1.png
[2012.07.24 17:19:44 | 029,739,276 | ---- | C] () -- C:\Users\Mareks\Documents\VIDEO 6 - TRACKING CONVERSIONS.mp4
[2012.07.24 16:39:58 | 000,003,083 | ---- | C] () -- C:\Users\Mareks\Desktop\Attach.zip
[2012.07.24 16:33:34 | 000,000,000 | ---- | C] () -- C:\Users\Mareks\defogger_reenable
[2012.07.24 16:01:06 | 000,000,173 | ---- | C] () -- C:\Users\Mareks\Desktop\test.bat
[2012.07.24 15:56:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 12:18:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.21 16:23:40 | 000,000,414 | ---- | C] () -- C:\Users\Mareks\Desktop\Producteev For Windows.appref-ms
[2012.07.21 16:15:22 | 000,001,952 | ---- | C] () -- C:\Users\Mareks\Desktop\PRBuzz.lnk
[2012.07.21 16:12:33 | 000,001,138 | ---- | C] () -- C:\Users\Mareks\Desktop\Dropbox.lnk
[2012.07.21 16:09:34 | 000,001,969 | ---- | C] () -- C:\Users\Mareks\Desktop\Dreamweave.lnk
[2012.07.21 16:08:47 | 000,001,810 | ---- | C] () -- C:\Users\Mareks\Desktop\Photoshop.lnk
[2012.07.21 16:07:12 | 000,002,023 | ---- | C] () -- C:\Users\Mareks\Desktop\US Proxy + Landing Page Tester.lnk
[2012.07.21 16:07:12 | 000,001,957 | ---- | C] () -- C:\Users\Mareks\Desktop\StackThatMoney.lnk
[2012.07.21 16:04:31 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.21 16:02:46 | 000,001,437 | ---- | C] () -- C:\Users\Mareks\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.07.21 15:32:50 | 000,001,409 | ---- | C] () -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.07.21 15:32:46 | 000,001,443 | ---- | C] () -- C:\Users\Mareks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.21 15:31:54 | 000,000,290 | ---- | C] () -- C:\Users\Mareks\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.07.21 15:31:54 | 000,000,272 | ---- | C] () -- C:\Users\Mareks\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.07.20 18:17:30 | 000,032,912 | ---- | C] () -- C:\Users\Mareks\Desktop\TOP 10 OFFER KissMyAds Ltd. 2012_07_20.pdf
[2012.07.19 01:22:16 | 000,599,692 | ---- | C] () -- C:\Users\Mareks\Desktop\airpushguide.pdf
[2012.07.13 17:59:46 | 000,000,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2012.07.13 17:57:42 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.07.13 17:57:39 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.07.13 17:57:28 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.07.13 17:57:07 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.04.15 10:43:07 | 000,000,284 | ---- | C] () -- C:\Windows\n02.ini
[2012.04.14 20:27:36 | 000,001,552 | ---- | C] () -- C:\Windows\kaillera.ini
[2012.03.09 22:58:00 | 000,000,998 | ---- | C] () -- C:\Program Files (x86)\Backlink Skyrocket.lnk
[2012.03.09 22:58:00 | 000,000,953 | ---- | C] () -- C:\Program Files (x86)\Update Skyrocket.lnk
[2012.03.09 11:56:05 | 000,000,124 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.26 15:30:50 | 000,187,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.10 16:28:15 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{e0c28785-7c4c-1218-5c83-c7376a929379}\@
[2012.02.10 15:09:58 | 000,221,288 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.02.10 15:09:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.02.07 19:35:32 | 000,790,648 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

========== Files - Unicode (All) ==========
[2012.03.12 19:41:47 | 000,001,150 | ---- | M] ()(C:\Windows\SysNative\??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????I?h???????????????????????????????????????????????????????????3usi??J?y.mp3.lnk) -- C:\Windows\SysNative\㩃啜敳獲啜敳屲敄歳潴屰畍楳屣㤰栭杩彨潣瑮慲瑳ⴭ潮彴慷楶杮扟瑵摟潲湷湩彧昨慥⹴江湵彧湡彤敪獳役污敬⥮漭慭洮㍰㌀ₘǙẠ旽传蠀␐ǝ鼀ϡ鿈ϡ龠ϡ鿰ϡꂐϡꂸϡ㛸ϡ볐ˬ뻐ˬ㮐ϡ䗨ϡ䀈ϡ뵨ˬ㴠ϡ㾸ϡ㛐ϡ䘸ϡ㰈ϡ䂨ϡ㱘ϡ㾐ϡ礰˶㯠ϡ稠˶㗠ϡ벀ˬ㮸ϡ믠ˬ뮐ˬ竨˶㲨ϡố旽I耀h楤杮愠渠睥䴠䱒琠敲散瑮漠敮㩳䌠尺獕牥屳獕牥䑜獥瑫灯䵜獵捩ぜⴴ楨桧损湯牴獡⵴愭浬獯彴畨慭彮昨慥⹴损慬敲浟条極敲⴩浯⹡灭3usiỂ旽J耀y.mp3.lnk
[2012.03.12 19:41:47 | 000,001,150 | ---- | C] ()(C:\Windows\SysNative\??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????I?h???????????????????????????????????????????????????????????3usi??J?y.mp3.lnk) -- C:\Windows\SysNative\㩃啜敳獲啜敳屲敄歳潴屰畍楳屣㤰栭杩彨潣瑮慲瑳ⴭ潮彴慷楶杮扟瑵摟潲湷湩彧昨慥⹴江湵彧湡彤敪獳役污敬⥮漭慭洮㍰㌀ₘǙẠ旽传蠀␐ǝ鼀ϡ鿈ϡ龠ϡ鿰ϡꂐϡꂸϡ㛸ϡ볐ˬ뻐ˬ㮐ϡ䗨ϡ䀈ϡ뵨ˬ㴠ϡ㾸ϡ㛐ϡ䘸ϡ㰈ϡ䂨ϡ㱘ϡ㾐ϡ礰˶㯠ϡ稠˶㗠ϡ벀ˬ㮸ϡ믠ˬ뮐ˬ竨˶㲨ϡố旽I耀h楤杮愠渠睥䴠䱒琠敲散瑮漠敮㩳䌠尺獕牥屳獕牥䑜獥瑫灯䵜獵捩ぜⴴ楨桧损湯牴獡⵴愭浬獯彴畨慭彮昨慥⹴损慬敲浟条極敲⴩浯⹡灭3usiỂ旽J耀y.mp3.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:03 AM

Posted 26 July 2012 - 02:36 AM

Greetings


I am going to go over this report later as it is a lot to go through, but I wanted you to see this

http://network-tools.com/default.asp?prog=lookup&host=91.105.14.190+



91.105.14.190 is from Latvia(LV) in region Eastern Europe
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 26 July 2012 - 12:34 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
    @Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
    :Files
    C:\Users\User\AppData\Local\{e0c28785-7c4c-1218-5c83-c7376a929379}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

#14 Marekso

Marekso
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 26 July 2012 - 01:19 PM

Things are looking good now, and the OTL didn't ask me to restart my PC or anything after finishing the fix.


Here are the reports:




========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
========== FILES ==========
C:\Users\User\AppData\Local\{e0c28785-7c4c-1218-5c83-c7376a929379}\U folder moved successfully.
C:\Users\User\AppData\Local\{e0c28785-7c4c-1218-5c83-c7376a929379}\L folder moved successfully.
C:\Users\User\AppData\Local\{e0c28785-7c4c-1218-5c83-c7376a929379} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mareks\Desktop\cmd.bat deleted successfully.
C:\Users\Mareks\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mareks
->Java cache emptied: 0 bytes

User: Public

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mareks
->Flash cache emptied: 61667 bytes

User: Public

User: User
->Flash cache emptied: 175320 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07262012_211427

#15 gringo_pr

Posted 26 July 2012 - 02:45 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo