blue screen death


32 replies to this topic

#1 dshah


Posted 01 August 2012 - 04:31 PM

Hello,
I keep getting the blue screen of death. My stop codes are 0x0000000A, 0x0000007e, and 0x0000008e.

I ran the TDD Kaspersky, as I saw someone on the forum who had the same problem do, to remove the virus that was infecting the computer. My computer does not go into the blue screen currently.

I also ran ESET online scanner, ComboFix, and OTL by OldTimer. I am going to post the logs from all three scanners in this post.

ComboFix 12-07-31.03 - b 08/01/2012 14:59:59.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3035.1722 [GMT -4:00]
Running from: c:\users\b\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\b\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 19:13 . 2012-08-01 19:13 -------- d-----w- c:\users\b\AppData\Local\temp
2012-08-01 19:13 . 2012-08-01 19:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-01 19:13 . 2012-08-01 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 18:58 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04E4FCA8-90FC-4199-A378-6A59D2F23A9E}\mpengine.dll
2012-08-01 15:50 . 2012-08-01 15:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 15:48 . 2012-08-01 15:48 -------- d-----w- c:\program files\ESET
2012-08-01 13:55 . 2012-08-01 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-08-01 12:50 . 2012-08-01 12:50 -------- d-----w- c:\program files\CCleaner
2012-07-31 03:02 . 2012-07-31 03:02 -------- d-----w- c:\users\b\AppData\Roaming\PC Cleaners
2012-07-31 03:01 . 2012-07-31 03:02 -------- d-----w- c:\users\b\AppData\Roaming\PCPro
2012-07-31 03:01 . 2012-07-31 03:01 4142392 ----a-w- c:\windows\uninst.exe
2012-07-31 03:01 . 2012-07-31 03:01 -------- d-----w- c:\program files\PC Cleaners
2012-07-31 03:01 . 2012-07-31 03:01 -------- d-----w- c:\programdata\PC1Data
2012-07-31 02:55 . 2012-07-31 02:55 -------- d-----w- c:\users\b\AppData\Roaming\Uniblue
2012-07-31 02:55 . 2012-07-31 02:55 -------- d-----w- c:\program files\Uniblue
2012-07-31 01:13 . 2012-07-31 01:13 -------- d-----w- c:\program files\NirSoft
2012-07-31 00:55 . 2012-07-31 02:38 -------- d-----w- c:\programdata\Bomgar-SCC-50172D0D
2012-07-28 01:39 . 2012-07-28 01:39 -------- d-----w- c:\programdata\Tarma Installer
2012-07-28 01:27 . 2012-07-28 01:27 -------- d-----w- c:\program files\Noguska
2012-07-12 07:03 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:45 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:45 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:45 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:45 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:45 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:25 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:25 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 07:25 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:25 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 07:25 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 07:25 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 07:25 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 07:25 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-23 13:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 13:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 13:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 13:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 13:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 13:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 13:05 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 13:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-23 13:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2011-02-22 04:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-18 19:04 . 2012-01-18 22:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2010-11-20 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]
.
c:\users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\users\b\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2012-07-10 04:09 1250328 ----a-w- c:\users\b\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 01:38 138096 ----atw- c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-22 01:59 136176 ----atw- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2011-09-23 22:42 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 22:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 22:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Cleaners]
2012-07-31 03:01 51979064 ----a-w- c:\program files\PC Cleaners\PCCleaners.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 20:19 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2012-07-08 18:39 68000 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-02-01 02:18 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMPingService;AMPingService;c:\users\b\AppData\Local\Temp\AMPing.exe [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [x]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
- c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 01:38]
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
- c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 01:38]
.
2012-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-25 22:42]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 00:53]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 00:53]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 01:59]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 01:59]
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForb.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2012-07-22 c:\windows\Tasks\Norton Security Scan for b.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-03 07:42]
.
2012-07-31 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-31 18:39]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-01 15:16:17
ComboFix-quarantined-files.txt 2012-08-01 19:16
ComboFix2.txt 2012-08-01 14:54
.
Pre-Run: 75,355,377,664 bytes free
Post-Run: 75,602,325,504 bytes free
.
- - End Of File - - 24E9D5C8FA8544B623D9B29EFBDBDA16


ESET online scanner logs:

C:\Program Files\PC Cleaners\PCCleaners.exe a variant of Win32/PCCleaners application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\01.08.2012_11.46.18\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan
C:\Users\b\Downloads\cdbxp_setup_4.3.9.2783.exe Win32/OpenCandy application
C:\Users\b\Downloads\cnet2_CoreTempGadget_zip.exe a variant of Win32/InstallCore.D application
C:\Users\b\Downloads\cnet2_FlyDVDCopier49_exe.exe a variant of Win32/InstallCore.D application
C:\Users\b\Downloads\cnet2_PDFCompressor_exe.exe a variant of Win32/InstallCore.D application
C:\Users\b\Downloads\registryboosterplc.exe a variant of Win32/RegistryBooster application


OTL log:

OTL logfile created on: 8/1/2012 3:20:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\b\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.46% Memory free
5.93 Gb Paging File | 4.84 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.72 Gb Total Space | 70.55 Gb Free Space | 50.86% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.72 Gb Free Space | 16.66% Space Free | Partition Type: NTFS

Computer Name: B-PC | User Name: b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 15:19:59 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\b\Downloads\OTL.scr
PRC - [2012/07/18 15:04:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/23 15:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 15:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2008/02/12 16:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 15:04:27 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/18 19:08:39 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- C:\Users\b\AppData\Local\Temp\AMPing.exe -- (AMPingService)
SRV - [2012/07/18 15:04:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/25 10:29:06 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/03/23 15:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/12 16:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\AEstSrv.exe -- (AESTFilters)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\b\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/16 16:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 16:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/05/26 10:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/03/23 15:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010/02/25 16:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/11/10 03:01:00 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 06:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/31 19:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/24 09:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {FD684B88-B04E-4E1E-9CE5-CBF2B4F343CF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3A616160-B085-4A12-8445-95480B2C4791}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{FD684B88-B04E-4E1E-9CE5-CBF2B4F343CF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {FD684B88-B04E-4E1E-9CE5-CBF2B4F343CF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3A616160-B085-4A12-8445-95480B2C4791}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{FD684B88-B04E-4E1E-9CE5-CBF2B4F343CF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\b\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\b\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\b\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\b\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/02/27 20:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/30 22:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 15:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 00:00:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 15:04:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 00:00:09 | 000,000,000 | ---D | M]

[2012/01/18 18:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b\AppData\Roaming\Mozilla\Extensions
[2012/07/27 21:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\extensions
[2012/07/30 22:38:09 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\extensions\plugin@yontoo.com
[2012/01/18 18:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/18 15:04:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.msn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\b\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\b\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\b\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\b\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.5.1_0\plugins/npProductDetectPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\b\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\b\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\b\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\b\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: YouTube = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.12_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.5.1_0\
CHR - Extension: Gmail = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/01 15:13:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{738C3D53-8CE9-4ABD-AB9C-91406690FF9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB1B0C6B-49AF-4750-897B-F593FA233E0B}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Bronze1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Bronze1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 15:16:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/01 15:16:18 | 000,000,000 | ---D | C] -- C:\Users\b\AppData\Local\temp
[2012/08/01 11:50:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/01 11:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/01 10:31:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/01 10:31:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/01 10:31:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/01 10:28:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 10:28:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 08:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/01 08:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/30 23:02:51 | 000,000,000 | ---D | C] -- C:\Users\b\AppData\Roaming\PC Cleaners
[2012/07/30 23:01:58 | 004,142,392 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/30 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\b\AppData\Roaming\PCPro
[2012/07/30 23:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2012/07/30 23:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/07/30 23:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2012/07/30 22:55:33 | 000,000,000 | ---D | C] -- C:\Users\b\AppData\Roaming\Uniblue
[2012/07/30 22:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/07/30 22:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/07/30 21:13:55 | 000,000,000 | ---D | C] -- C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/07/30 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/07/30 20:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Bomgar-SCC-50172D0D
[2012/07/30 18:55:59 | 000,000,000 | ---D | C] -- C:\Users\b\Desktop\windows 7(32 bit)
[2012/07/27 21:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/07/27 21:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Noguska
[2012/07/27 15:13:05 | 000,000,000 | ---D | C] -- C:\Users\b\Documents\Fall 2012
[2012/07/12 03:11:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/12 03:11:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/12 03:11:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/12 03:11:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/12 03:11:54 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/12 03:11:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/12 03:11:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/12 03:03:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 03:45:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 03:25:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 03:25:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/11/20 11:51:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\b\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/01 15:13:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/01 15:11:41 | 000,624,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/01 15:11:41 | 000,106,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/01 15:08:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
[2012/08/01 15:05:37 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/01 15:03:20 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/01 14:57:26 | 000,024,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 14:57:26 | 000,024,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 14:49:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 14:48:57 | 2386,792,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 12:14:16 | 000,011,808 | ---- | M] () -- C:\Users\b\Documents\Shah, Deval.htm
[2012/08/01 11:30:07 | 270,290,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/01 08:58:44 | 000,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/07/31 01:08:00 | 000,010,496 | ---- | M] () -- C:\bootsqm.dat
[2012/07/30 23:01:58 | 000,000,942 | ---- | M] () -- C:\Users\b\Desktop\PC Cleaner Pro.lnk
[2012/07/30 23:01:43 | 004,142,392 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/30 22:55:34 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/07/30 22:55:32 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2012/07/30 22:55:32 | 000,001,164 | ---- | M] () -- C:\Users\b\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2012/07/30 22:25:02 | 000,007,264 | ---- | M] () -- C:\Users\b\Desktop\Windows Compatibility Report.htm
[2012/07/27 21:25:34 | 000,720,896 | ---- | M] () -- C:\Users\b\Documents\Desktop Home inventory.accdb
[2012/07/27 21:18:59 | 000,202,693 | ---- | M] () -- C:\Users\b\Documents\HomeInventory.accdt
[2012/07/25 08:51:42 | 003,130,606 | ---- | M] () -- C:\Users\b\Documents\Nurse Practitioner Schools.zip
[2012/07/22 00:43:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
[2012/07/22 00:29:24 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for b.job
[2012/07/21 22:49:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
[2012/07/21 10:32:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/21 03:07:01 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
[2012/07/18 10:34:00 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForb.job
[2012/07/12 22:09:49 | 000,427,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 14:11:44 | 000,002,377 | ---- | M] () -- C:\Users\b\Desktop\Google Chrome.lnk
[2012/07/05 10:54:57 | 000,096,591 | ---- | M] () -- C:\Users\b\Documents\Deval Shah Rush University Withdrawal Form.pdf
[2012/07/05 01:39:12 | 000,220,406 | ---- | M] () -- C:\Users\b\Documents\non-adherence of oral medication in cancer treatements.pdf
[2012/07/05 01:22:25 | 000,141,496 | ---- | M] () -- C:\Users\b\Documents\iv vs oral medication.pdf
[2012/07/05 01:13:50 | 000,165,986 | ---- | M] () -- C:\Users\b\Documents\adherence to antibiotics.pdf
[2012/07/05 00:41:48 | 000,272,121 | ---- | M] () -- C:\Users\b\Documents\administration of drugs.pdf
[2012/07/02 23:47:34 | 000,011,687 | ---- | M] () -- C:\Users\b\Desktop\Health_Insurance_Coverage.pdf

========== Files Created - No Company Name ==========

[2012/08/01 12:14:05 | 000,011,808 | ---- | C] () -- C:\Users\b\Documents\Shah, Deval.htm
[2012/08/01 10:31:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/01 10:31:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/01 10:31:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/01 10:31:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/01 10:31:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/31 02:52:56 | 000,000,284 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2012/07/31 01:51:31 | 000,001,071 | ---- | C] () -- C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/07/31 01:08:00 | 000,010,496 | ---- | C] () -- C:\bootsqm.dat
[2012/07/30 23:01:58 | 000,000,942 | ---- | C] () -- C:\Users\b\Desktop\PC Cleaner Pro.lnk
[2012/07/30 22:55:34 | 000,000,208 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2012/07/30 22:55:32 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2012/07/30 22:55:32 | 000,001,164 | ---- | C] () -- C:\Users\b\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2012/07/30 22:25:02 | 000,007,264 | ---- | C] () -- C:\Users\b\Desktop\Windows Compatibility Report.htm
[2012/07/30 22:04:14 | 000,318,188 | ---- | C] () -- C:\Users\b\Desktop\Windows6.1-KB977186-x86.msu
[2012/07/30 19:15:42 | 002,027,056 | ---- | C] () -- C:\Users\b\Documents\Windows6.1-KB979444-x86.msu
[2012/07/30 19:10:52 | 002,027,056 | ---- | C] () -- C:\Windows6.1-KB979444-x86.msu
[2012/07/27 21:18:59 | 000,202,693 | ---- | C] () -- C:\Users\b\Documents\HomeInventory.accdt
[2012/07/27 21:18:58 | 000,720,896 | ---- | C] () -- C:\Users\b\Documents\Desktop Home inventory.accdb
[2012/07/25 08:51:41 | 003,130,606 | ---- | C] () -- C:\Users\b\Documents\Nurse Practitioner Schools.zip
[2012/07/05 10:54:57 | 000,096,591 | ---- | C] () -- C:\Users\b\Documents\Deval Shah Rush University Withdrawal Form.pdf
[2012/07/05 01:39:12 | 000,220,406 | ---- | C] () -- C:\Users\b\Documents\non-adherence of oral medication in cancer treatements.pdf
[2012/07/05 01:22:24 | 000,141,496 | ---- | C] () -- C:\Users\b\Documents\iv vs oral medication.pdf
[2012/07/05 01:13:50 | 000,165,986 | ---- | C] () -- C:\Users\b\Documents\adherence to antibiotics.pdf
[2012/07/05 00:41:48 | 000,272,121 | ---- | C] () -- C:\Users\b\Documents\administration of drugs.pdf
[2012/07/02 23:47:34 | 000,011,687 | ---- | C] () -- C:\Users\b\Desktop\Health_Insurance_Coverage.pdf
[2012/02/21 21:01:29 | 000,004,608 | ---- | C] () -- C:\Users\b\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 18:27:35 | 000,307,448 | ---- | C] () -- C:\Users\b\AppData\Local\census.cache
[2012/01/31 18:26:56 | 000,173,413 | ---- | C] () -- C:\Users\b\AppData\Local\ars.cache
[2012/01/31 18:14:09 | 000,000,036 | ---- | C] () -- C:\Users\b\AppData\Local\housecall.guid.cache
[2011/11/20 11:51:13 | 000,007,887 | ---- | C] () -- C:\Users\b\AppData\Roaming\pcouffin.cat
[2011/11/20 11:51:13 | 000,001,144 | ---- | C] () -- C:\Users\b\AppData\Roaming\pcouffin.inf
[2011/08/13 13:48:11 | 000,001,989 | ---- | C] () -- C:\Users\b\Adobe Reader X.lnk
[2011/06/03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/04/18 21:22:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/02 06:52:35 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/02 06:52:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/29 23:12:17 | 000,001,019 | ---- | C] () -- C:\Users\b\Documents - Shortcut.lnk
[2011/03/24 21:41:45 | 000,000,106 | ---- | C] () -- C:\Users\b\AppData\Roaming\wklnhst.dat
[2011/02/28 20:06:30 | 000,000,058 | ---- | C] () -- C:\Windows\OSA.INI
[2011/02/27 23:43:51 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/27 23:41:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/27 21:06:13 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >


EXTRAS OTL log:

OTL Extras logfile created on: 8/1/2012 3:20:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\b\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.46% Memory free
5.93 Gb Paging File | 4.84 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.72 Gb Total Space | 70.55 Gb Free Space | 50.86% Space Free | Partition Type: NTFS
Drive D: | 10.33 Gb Total Space | 1.72 Gb Free Space | 16.66% Space Free | Partition Type: NTFS

Computer Name: B-PC | User Name: b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043EBEF5-7F46-4819-9C41-8E4B00631574}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0AD0EB4D-2FC8-4C0F-9CBF-38EB6704B816}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EBF175E-BE52-4936-A0F5-7F56F8DF34AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12AEFF82-E6DB-4D52-A8E1-E72BF707E5AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{12F1E465-5260-4DF1-B072-7716F34693B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{282864DC-37FB-45A1-9CDC-C5F9B80CB76E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2A096775-3611-49E0-B4B3-ABC32FB80875}" = rport=138 | protocol=17 | dir=out | app=system |
"{2AC7559C-B971-47E3-84F8-27F7234BAF3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2AFB3E29-D55F-4922-9361-0CC7632B4FA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CCD80B3-B82C-4A89-96EF-0EFDD5AA5683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FBEEC7B-614D-45D4-89F8-E727E652AE7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3141327F-ADAF-4527-867F-657754DAACA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56480173-1F7E-4F3B-8AD8-324F01306C65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{61BA4E52-514A-45A0-ACBB-C0911D81FC6C}" = lport=137 | protocol=17 | dir=in | app=system |
"{62D73219-07B0-4CD9-A986-FEC18251094E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6F14F484-C08E-447A-979C-9C4E7139AEAD}" = rport=137 | protocol=17 | dir=out | app=system |
"{915996A4-A874-4600-A95E-779776D049D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AAF5A16E-F4CF-4B2F-A106-AA205DE80F4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B29AD85C-9E1E-47CE-A5FD-1037AC547F03}" = lport=138 | protocol=17 | dir=in | app=system |
"{C87130A0-A586-459B-8E28-458A62FDA837}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D48AA8BB-1761-4A13-AEC4-2CE2399025A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE8A4405-66CB-4429-AA22-E597A2BE473B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF0059D8-E8CC-4343-925A-E92A9D97DC32}" = lport=445 | protocol=6 | dir=in | app=system |
"{F925D482-8398-40C6-9D59-0F556A64AC4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01407246-8B97-44F6-A098-58964A70F8AD}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{01ACC50C-8466-45C4-B119-E15721CF88CA}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{0975957A-D397-471B-8115-5184169E16CA}" = protocol=6 | dir=out | app=system |
"{0A1DCDCE-0AA5-4292-80BC-D495B68C3B50}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{21652543-0B4C-4AD1-A3CB-6CECE77CAEE8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{23B8EC2C-E2E8-416F-BAFC-D3FBC1DA1E19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2627F5F7-7B88-4819-BA81-51DBC2EF7AAD}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{27430927-4D98-498B-A5F6-3CB43E5B2BBD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{318C1E3B-D91F-47BE-8903-25D5C20AC325}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{31DD2FF1-02D7-4730-933D-085545C1693F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37C7C285-7BF7-4165-A65F-FAE566ABE70D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E25567-AC16-4F5C-B9D3-8C107CD15FA8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3A0AB531-A50C-4302-8738-2DBD1A416B8B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{408345CE-9882-4EC8-B4E3-40E5DCB09914}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4CC4CFFB-7A4B-4BA0-AF1A-686F0D15E953}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{525F534F-39B7-43AB-87ED-4BB1C7C78960}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{53E813A8-D986-4012-982D-94107E403E20}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59F52252-9C18-4F63-88E4-8136761A0248}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{5B850295-2EB1-45CC-9A25-5352A27C8F97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6F2108F2-1E5B-4772-A43A-0B90A2D8B54F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CCD2706-295B-40DD-8D52-20EEB12232C5}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7E8D1337-7C2F-4B9D-BB47-2BD0059ADB38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7FBA8159-EFF8-4F47-AA3F-627A4F636C7F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{85AB8F0E-8801-4F15-8FDA-8DD17E61BBE4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{88831333-AC07-4255-A22F-0CBFCD8B5111}" = dir=in | app=c:\users\b\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8E447BEE-4A8A-40E1-96A5-FDF24DCD2031}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{974C21A1-B46B-40B7-BF0C-018F3BFB8C1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{996306AB-4657-45A4-8DB7-DE38EEBA7FAD}" = protocol=17 | dir=in | app=c:\users\b\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9BFACB3F-6CB0-4E95-A254-2714F599A096}" = protocol=6 | dir=in | app=c:\users\b\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9E5B3ADE-6BC8-4823-AFAB-001621EC3E88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A47D3D43-1C08-4C44-BCE9-6526E384EB1C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A7587DA9-2D46-4148-9EA5-C8C3B9C66493}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B4626131-450E-42C8-B8BE-F67DC94D8297}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B69B6C7B-7186-4B67-98E5-464E93E638B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B78F91A6-EEDA-4833-A23B-B212459489B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9BD1FED-63C6-488F-ABD3-BD3B26918042}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CC9BFC1A-0CF3-4906-880D-6E3E289C1428}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEA9AF2E-7769-4F07-99D4-9F363B6EDCE9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D1E43C02-4EE4-4A6B-B0EB-BDFBF76AB9C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D613F740-1CC4-41AF-93CE-7EFB6CADCA12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D61672DE-0E86-4B57-BDD6-AA559811C40E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EB5256A0-EE1E-40A9-ACB6-0C9F9E6070BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBE9CBA9-2FB7-413F-ADFE-07B47CFBD81D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EC1CFE02-70FC-40D0-860D-78B287A59355}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0586476-0FA7-4C0B-B0D5-FDF54207500E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F3548F54-C578-44E6-8B4F-97F5465DEEC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7330F8D-09BF-4D0C-9D81-13D444E22B44}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{03FD0983-94FE-4449-830B-99B0BCC3D1DA}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{0B2A4A75-B76E-44C3-836C-B882DE63D0ED}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{1EDA3EEC-3BE8-44B6-846A-C0BCCFA94396}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{23BCA6F3-73F8-4822-82BC-37C0A17CE5A9}C:\users\b\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\b\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{5EA5F991-6EF3-4A51-8B6D-58D28DCD5E3D}C:\users\b\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\b\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{5ED078B9-F18F-43E1-93C0-DF290113BEAA}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A6923276-2B75-4947-BD89-755973E2FA6B}C:\users\b\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\b\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C1CAA5C5-0B40-4514-946A-C9B27AAE7F50}C:\users\b\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\b\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{DDFBF3C0-4E62-43B4-8721-CE0B57B2EC37}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{ED9E1B29-3105-439E-A6F2-3E4566C50EA7}C:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"UDP Query User{05BAC16C-4B88-4D21-B781-2DCECD6CD4A1}C:\users\b\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\b\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{19D14521-76ED-4FEF-B738-F09D7CE4FF17}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{47B32C26-4041-4F1B-A089-0F4A13340CAF}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{4DFB7F29-03C1-4240-A3E2-A1427EDB5EFE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{581B9C03-49FD-4365-8DFA-E0C468F3E3B2}C:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"UDP Query User{809DDF16-B020-4CEB-A595-5AB02BB81714}C:\users\b\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\b\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{AA5CF194-F082-45C9-8400-C11578B13798}C:\users\b\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\b\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{DE2CAF88-9673-47F4-A8B5-D801F0A2CDD1}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{E7CA1629-47E4-4B8B-9EA6-9085CA65B140}C:\users\b\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\b\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{F3EE216E-B778-4992-B096-7847ABC7C127}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9C44DC3-CFD6-659E-D619-CE8B3DB9FCFA}" = ATI Catalyst Install Manager
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_7" = AIM 7
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"GRE POWERPREP" = GRE POWERPREP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NSS" = Norton Security Scan
"PC Cleaners" = PC Cleaners
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit)
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"magicJack" = magicJack
"PhotoFiltre" = PhotoFiltre
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2012 2:14:46 PM | Computer Name = b-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FBIBLIO.DLL".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2012 2:14:51 PM | Computer Name = b-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FSTOCK.DLL".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2012 2:14:51 PM | Computer Name = b-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2012 2:14:51 PM | Computer Name = b-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FDATE.DLL".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2012 2:14:51 PM | Computer Name = b-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPLACE.DLL".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2012 2:19:32 PM | Computer Name = b-PC | Source = PerfNet | ID = 2004
Description =

Error - 8/1/2012 2:21:37 PM | Computer Name = b-PC | Source = PerfNet | ID = 2004
Description =

Error - 8/1/2012 2:27:37 PM | Computer Name = b-PC | Source = PerfNet | ID = 2004
Description =

Error - 8/1/2012 2:35:37 PM | Computer Name = b-PC | Source = PerfNet | ID = 2004
Description =

Error - 8/1/2012 2:43:37 PM | Computer Name = b-PC | Source = PerfNet | ID = 2004
Description =

Error - 8/1/2012 2:50:49 PM | Computer Name = b-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/16/2011 2:22:10 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 1:22:10 AM - Error connecting to the internet. 1:22:10 AM - Unable
to contact server..

Error - 11/16/2011 2:22:17 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 1:22:15 AM - Error connecting to the internet. 1:22:15 AM - Unable
to contact server..

Error - 11/16/2011 3:22:23 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 2:22:23 AM - Error connecting to the internet. 2:22:23 AM - Unable
to contact server..

Error - 11/16/2011 3:22:30 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 2:22:28 AM - Error connecting to the internet. 2:22:28 AM - Unable
to contact server..

Error - 11/16/2011 4:22:36 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 3:22:36 AM - Error connecting to the internet. 3:22:36 AM - Unable
to contact server..

Error - 11/16/2011 4:22:43 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 3:22:41 AM - Error connecting to the internet. 3:22:41 AM - Unable
to contact server..

Error - 11/16/2011 5:22:49 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 4:22:49 AM - Error connecting to the internet. 4:22:49 AM - Unable
to contact server..

Error - 11/16/2011 5:22:56 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 4:22:54 AM - Error connecting to the internet. 4:22:54 AM - Unable
to contact server..

Error - 11/19/2011 2:05:44 PM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 1:05:44 PM - Error connecting to the internet. 1:05:44 PM - Unable
to contact server..

Error - 11/19/2011 2:05:58 PM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 1:05:50 PM - Error connecting to the internet. 1:05:50 PM - Unable
to contact server..

[ OSession Events ]
Error - 1/19/2012 11:02:53 AM | Computer Name = b-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/20/2012 2:31:27 AM | Computer Name = b-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 7172 seconds with 780 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 8/1/2012 3:04:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/1/2012 3:04:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/1/2012 3:04:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 8/1/2012 3:04:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/1/2012 3:04:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/1/2012 3:05:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 8/1/2012 3:06:12 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/1/2012 3:06:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/1/2012 3:06:34 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056

Error - 8/1/2012 3:13:33 PM | Computer Name = b-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

*Moderator Edit: Moved topic from Introductions to the more appropriate forum. Combofix logs should be posted in MRL. They are not allowed in other forums. ~ Queen-Evie*

Edited by Queen-Evie, 01 August 2012 - 05:11 PM.




#2 HelpBot


Posted 06 August 2012 - 04:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463465 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dshah


Posted 06 August 2012 - 08:33 PM

I keep getting the blue screen of death. My stop codes are 0x0000000A, 0x0000007e, and 0x0000008e.

I ran the TDD Kaspersky tool, as I saw on the forum from someone who had the same problem, to remove the virus that was infecting the computer. My computer does not go into the blue screen currently.

I also ran ESET online scanner, ComboFix, and OTL by Old Timer. I am going to post the logs from all three scanners in this post.

I have posted the logs from all those scanners in my original post.

I am posting the log from the DDS scanner:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by b at 20:48:30 on 2012-08-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3035.1495 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\b\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\b\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{738C3D53-8CE9-4ABD-AB9C-91406690FF9D} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2131603 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2534356 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2634656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\8797A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FB1B0C6B-49AF-4750-897B-F593FA233E0B} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\pebbyxtb.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\b\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\b\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\b\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-8-4 21728]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-8-4 20384]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_229f3aff50320689\AEstSrv.exe [2011-2-21 73728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-31 652872]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2011-8-4 278528]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-25 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-14 116648]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-8-4 1484800]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-14 116648]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2011-8-4 954368]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-27 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-27 52224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 AMPingService;AMPingService;c:\users\b\appdata\local\temp\amping.exe --> c:\users\b\appdata\local\temp\AMPing.exe [?]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-28 227896]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2011-2-21 24652]
.
=============== Created Last 30 ================
.
2012-08-03 17:24:34 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8633d4d9-b7f0-46bf-9527-9ed5767a807f}\mpengine.dll
2012-08-01 21:09:26 -------- d-----w- c:\users\b\appdata\roaming\Auslogics
2012-08-01 21:09:22 -------- d-----w- c:\program files\Auslogics
2012-08-01 19:16:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-01 19:16:18 -------- d-----w- c:\users\b\appdata\local\temp
2012-08-01 15:50:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 15:48:32 -------- d-----w- c:\program files\ESET
2012-08-01 14:31:08 98816 ----a-w- c:\windows\sed.exe
2012-08-01 14:31:08 518144 ----a-w- c:\windows\SWREG.exe
2012-08-01 14:31:08 256000 ----a-w- c:\windows\PEV.exe
2012-08-01 14:31:08 208896 ----a-w- c:\windows\MBR.exe
2012-08-01 12:50:04 -------- d-----w- c:\program files\CCleaner
2012-07-31 03:02:51 -------- d-----w- c:\users\b\appdata\roaming\PC Cleaners
2012-07-31 03:01:58 4142392 ----a-w- c:\windows\uninst.exe
2012-07-31 03:01:58 -------- d-----w- c:\users\b\appdata\roaming\PCPro
2012-07-31 03:01:57 -------- d-----w- c:\programdata\PC1Data
2012-07-31 01:13:55 -------- d-----w- c:\program files\NirSoft
2012-07-31 00:55:41 -------- d-----w- c:\programdata\Bomgar-SCC-50172D0D
2012-07-28 01:39:55 -------- d-----w- c:\programdata\Tarma Installer
2012-07-28 01:27:49 -------- d-----w- c:\program files\Noguska
2012-07-12 07:03:16 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:45:35 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:45:35 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:45:35 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:45:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:45:34 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:25:16 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:25:15 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:25:15 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:25:12 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 07:25:12 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-11 07:25:12 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 07:25:11 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-11 07:25:11 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-07-11 07:25:11 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-11 07:25:11 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
.
==================== Find3M ====================
.
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

#4 Oh My!

  • Malware Response Instructor

Posted 10 August 2012 - 11:48 AM

Greetings dshah and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2:

I see you are still with us as of yesterday and would like to thank you for your patience. Since it has been 4 days since you last posted a DDS log I would like you to post a fresh one. I would also like to look at the TDSSKiller log from the previous run and I will give you instructions regarding that. Finally please run GMER as instructed in the previous posts.

While you perform the things requested please allow me a bit of time to review the information already posted.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • GMER log
  • TDSSKiller log

Edited by Oh My, 10 August 2012 - 11:52 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 dshah


Posted 10 August 2012 - 12:33 PM

Here is the TDSS rootkit log:

11:46:17.0866 1060 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:46:18.0134 1060 ============================================================
11:46:18.0134 1060 Current date / time: 2012/08/01 11:46:18.0134
11:46:18.0134 1060 SystemInfo:
11:46:18.0134 1060
11:46:18.0134 1060 OS Version: 6.1.7601 ServicePack: 1.0
11:46:18.0134 1060 Product type: Workstation
11:46:18.0134 1060 ComputerName: B-PC
11:46:18.0135 1060 UserName: b
11:46:18.0135 1060 Windows directory: C:\Windows
11:46:18.0135 1060 System windows directory: C:\Windows
11:46:18.0135 1060 Processor architecture: Intel x86
11:46:18.0135 1060 Number of processors: 2
11:46:18.0135 1060 Page size: 0x1000
11:46:18.0135 1060 Boot type: Safe boot with network
11:46:18.0135 1060 ============================================================
11:46:19.0507 1060 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
11:46:47.0348 1520 Psched - ok
11:46:47.0441 1520 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:46:47.0463 1520 ql2300 - ok
11:46:48.0017 1520 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:46:48.0019 1520 ql40xx - ok
11:46:48.0297 1520 QPCapSvc (6803b69c14696cc4907c5f77fbb04a14) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
11:46:48.0306 1520 QPCapSvc - ok
11:46:48.0316 1520 QPSched (95a0b86b9f1d27b613830864341a8252) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
11:46:48.0319 1520 QPSched - ok
11:46:48.0383 1520 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:46:48.0389 1520 QWAVE - ok
11:46:48.0400 1520 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:46:48.0401 1520 QWAVEdrv - ok
11:46:48.0416 1520 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:46:48.0417 1520 RasAcd - ok
11:46:48.0458 1520 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:46:48.0460 1520 RasAgileVpn - ok
11:46:48.0476 1520 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:46:48.0480 1520 RasAuto - ok
11:46:48.0490 1520 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:46:48.0492 1520 Rasl2tp - ok
11:46:48.0555 1520 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:46:48.0562 1520 RasMan - ok
11:46:48.0572 1520 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:46:48.0574 1520 RasPppoe - ok
11:46:48.0587 1520 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:46:48.0589 1520 RasSstp - ok
11:46:48.0641 1520 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:46:48.0646 1520 rdbss - ok
11:46:48.0671 1520 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:46:48.0672 1520 rdpbus - ok
11:46:48.0717 1520 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:46:48.0718 1520 RDPCDD - ok
11:46:48.0766 1520 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:46:48.0769 1520 RDPDR - ok
11:46:48.0788 1520 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:46:48.0788 1520 RDPENCDD - ok
11:46:48.0795 1520 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:46:48.0796 1520 RDPREFMP - ok
11:46:48.0935 1520 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:46:48.0936 1520 RdpVideoMiniport - ok
11:46:49.0000 1520 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
11:46:49.0003 1520 RDPWD - ok
11:46:49.0085 1520 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:46:49.0089 1520 rdyboost - ok
11:46:49.0205 1520 Recovery Service for Windows (431723f23d0e065bef502389e8ffdc10) C:\Windows\SMINST\BLService.exe
11:46:49.0213 1520 Recovery Service for Windows - ok
11:46:49.0272 1520 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:46:49.0275 1520 RemoteAccess - ok
11:46:49.0321 1520 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:46:49.0325 1520 RemoteRegistry - ok
11:46:49.0527 1520 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
11:46:49.0533 1520 RichVideo - ok
11:46:49.0583 1520 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:46:49.0585 1520 RpcEptMapper - ok
11:46:49.0621 1520 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:46:49.0623 1520 RpcLocator - ok
11:46:49.0676 1520 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:46:49.0680 1520 RpcSs - ok
11:46:49.0879 1520 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:46:49.0880 1520 rspndr - ok
11:46:49.0953 1520 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
11:46:49.0956 1520 RTL8167 - ok
11:46:50.0022 1520 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:46:50.0024 1520 RTL8169 - ok
11:46:50.0055 1520 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:46:50.0056 1520 s3cap - ok
11:46:50.0094 1520 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:46:50.0096 1520 SamSs - ok
11:46:50.0128 1520 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:46:50.0130 1520 sbp2port - ok
11:46:50.0296 1520 scan (90e4994582ca688cd6f93af4e2870188) C:\Program Files\Immunet Protect\tetra\scan.dll
11:46:50.0303 1520 scan - ok
11:46:50.0348 1520 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:46:50.0352 1520 SCardSvr - ok
11:46:50.0396 1520 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:46:50.0398 1520 scfilter - ok
11:46:50.0475 1520 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:46:50.0489 1520 Schedule - ok
11:46:50.0552 1520 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
11:46:50.0553 1520 SCMNdisP - ok
11:46:50.0595 1520 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:46:50.0596 1520 SCPolicySvc - ok
11:46:50.0627 1520 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:46:50.0631 1520 SDRSVC - ok
11:46:50.0680 1520 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:46:50.0681 1520 secdrv - ok
11:46:50.0725 1520 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:46:50.0728 1520 seclogon - ok
11:46:50.0769 1520 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
11:46:50.0773 1520 SENS - ok
11:46:50.0806 1520 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:46:50.0809 1520 SensrSvc - ok
11:46:50.0813 1520 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:46:50.0815 1520 Serenum - ok
11:46:50.0823 1520 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:46:50.0825 1520 Serial - ok
11:46:50.0850 1520 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:46:50.0851 1520 sermouse - ok
11:46:50.0895 1520 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:46:50.0899 1520 SessionEnv - ok
11:46:50.0932 1520 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:46:50.0933 1520 sffdisk - ok
11:46:50.0976 1520 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:46:50.0978 1520 sffp_mmc - ok
11:46:50.0998 1520 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:46:50.0999 1520 sffp_sd - ok
11:46:51.0022 1520 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:46:51.0023 1520 sfloppy - ok
11:46:51.0095 1520 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:46:51.0101 1520 SharedAccess - ok
11:46:51.0157 1520 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:46:51.0164 1520 ShellHWDetection - ok
11:46:51.0182 1520 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:46:51.0184 1520 sisagp - ok
11:46:51.0230 1520 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:46:51.0231 1520 SiSRaid2 - ok
11:46:51.0240 1520 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:46:51.0242 1520 SiSRaid4 - ok
11:46:51.0267 1520 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:46:51.0268 1520 Smb - ok
11:46:51.0311 1520 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:46:51.0314 1520 SNMPTRAP - ok
11:46:51.0318 1520 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:46:51.0319 1520 spldr - ok
11:46:51.0387 1520 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:46:51.0394 1520 Spooler - ok
11:46:51.0643 1520 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:46:51.0693 1520 sppsvc - ok
11:46:52.0119 1520 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:46:52.0123 1520 sppuinotify - ok
11:46:52.0326 1520 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:46:52.0332 1520 srv - ok
11:46:52.0364 1520 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:46:52.0370 1520 srv2 - ok
11:46:52.0393 1520 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:46:52.0395 1520 srvnet - ok
11:46:52.0441 1520 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:46:52.0446 1520 SSDPSRV - ok
11:46:52.0457 1520 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:46:52.0461 1520 SstpSvc - ok
11:46:52.0737 1520 STacSV (fe7f776f2590c8331123bda3a3a21de6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
11:46:52.0743 1520 STacSV - ok
11:46:52.0785 1520 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:46:52.0786 1520 stexstor - ok
11:46:52.0855 1520 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
11:46:52.0862 1520 STHDA - ok
11:46:52.0927 1520 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
11:46:52.0928 1520 StillCam - ok
11:46:53.0013 1520 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:46:53.0023 1520 StiSvc - ok
11:46:53.0060 1520 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:46:53.0062 1520 storflt - ok
11:46:53.0103 1520 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:46:53.0105 1520 storvsc - ok
11:46:53.0288 1520 SupportSoft RemoteAssist (42fef84684d217870f3c8813b6f58276) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
11:46:53.0294 1520 SupportSoft RemoteAssist - ok
11:46:53.0312 1520 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:46:53.0313 1520 swenum - ok
11:46:53.0380 1520 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:46:53.0387 1520 swprv - ok
11:46:53.0404 1520 Synth3dVsc - ok
11:46:53.0521 1520 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:46:53.0540 1520 SysMain - ok
11:46:53.0573 1520 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:46:53.0576 1520 TabletInputService - ok
11:46:53.0634 1520 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:46:53.0641 1520 TapiSrv - ok
11:46:53.0685 1520 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:46:53.0689 1520 TBS - ok
11:46:53.0946 1520 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
11:46:53.0966 1520 Tcpip - ok
11:46:54.0003 1520 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
11:46:54.0011 1520 TCPIP6 - ok
11:46:54.0059 1520 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:46:54.0060 1520 tcpipreg - ok
11:46:54.0097 1520 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:46:54.0098 1520 TDPIPE - ok
11:46:54.0143 1520 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:46:54.0144 1520 TDTCP - ok
11:46:54.0182 1520 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:46:54.0184 1520 tdx - ok
11:46:54.0209 1520 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:46:54.0210 1520 TermDD - ok
11:46:54.0283 1520 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:46:54.0292 1520 TermService - ok
11:46:54.0330 1520 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:46:54.0333 1520 Themes - ok
11:46:54.0386 1520 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:46:54.0387 1520 THREADORDER - ok
11:46:54.0427 1520 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:46:54.0430 1520 TrkWks - ok
11:46:54.0508 1520 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:46:54.0512 1520 TrustedInstaller - ok
11:46:54.0555 1520 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:46:54.0557 1520 tssecsrv - ok
11:46:54.0627 1520 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:46:54.0629 1520 TsUsbFlt - ok
11:46:54.0632 1520 tsusbhub - ok
11:46:54.0697 1520 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:46:54.0699 1520 tunnel - ok
11:46:54.0745 1520 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:46:54.0747 1520 uagp35 - ok
11:46:54.0797 1520 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:46:54.0802 1520 udfs - ok
11:46:54.0848 1520 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:46:54.0851 1520 UI0Detect - ok
11:46:54.0894 1520 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:46:54.0896 1520 uliagpkx - ok
11:46:54.0945 1520 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
11:46:54.0947 1520 umbus - ok
11:46:54.0986 1520 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:46:54.0987 1520 UmPass - ok
11:46:55.0070 1520 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:46:55.0075 1520 UmRdpService - ok
11:46:55.0117 1520 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:46:55.0125 1520 upnphost - ok
11:46:55.0180 1520 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
11:46:55.0181 1520 USBAAPL - ok
11:46:55.0268 1520 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
11:46:55.0270 1520 usbaudio - ok
11:46:55.0304 1520 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:46:55.0306 1520 usbccgp - ok
11:46:55.0368 1520 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:46:55.0370 1520 usbcir - ok
11:46:55.0401 1520 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:46:55.0403 1520 usbehci - ok
11:46:55.0459 1520 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:46:55.0463 1520 usbhub - ok
11:46:55.0513 1520 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
11:46:55.0514 1520 usbohci - ok
11:46:55.0556 1520 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:46:55.0557 1520 usbprint - ok
11:46:55.0600 1520 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
11:46:55.0601 1520 usbscan - ok
11:46:55.0634 1520 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:46:55.0636 1520 USBSTOR - ok
11:46:55.0678 1520 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:46:55.0679 1520 usbuhci - ok
11:46:55.0745 1520 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
11:46:55.0748 1520 usbvideo - ok
11:46:55.0794 1520 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:46:55.0797 1520 UxSms - ok
11:46:55.0850 1520 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:46:55.0852 1520 VaultSvc - ok
11:46:55.0901 1520 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:46:55.0902 1520 vdrvroot - ok
11:46:55.0973 1520 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:46:55.0982 1520 vds - ok
11:46:56.0038 1520 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:46:56.0039 1520 vga - ok
11:46:56.0061 1520 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:46:56.0062 1520 VgaSave - ok
11:46:56.0095 1520 VGPU - ok
11:46:56.0168 1520 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:46:56.0174 1520 vhdmp - ok
11:46:56.0246 1520 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:46:56.0247 1520 viaagp - ok
11:46:56.0270 1520 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:46:56.0272 1520 ViaC7 - ok
11:46:56.0297 1520 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:46:56.0298 1520 viaide - ok
11:46:56.0484 1520 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
11:46:56.0485 1520 Viewpoint Manager Service - ok
11:46:56.0517 1520 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:46:56.0525 1520 vmbus - ok
11:46:56.0547 1520 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:46:56.0549 1520 VMBusHID - ok
11:46:56.0578 1520 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:46:56.0579 1520 volmgr - ok
11:46:56.0634 1520 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:46:56.0639 1520 volmgrx - ok
11:46:56.0673 1520 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:46:56.0678 1520 volsnap - ok
11:46:56.0708 1520 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:46:56.0711 1520 vsmraid - ok
11:46:56.0809 1520 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:46:56.0827 1520 VSS - ok
11:46:56.0851 1520 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:46:56.0853 1520 vwifibus - ok
11:46:56.0865 1520 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:46:56.0867 1520 vwififlt - ok
11:46:56.0897 1520 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
11:46:56.0898 1520 vwifimp - ok
11:46:56.0971 1520 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:46:56.0979 1520 W32Time - ok
11:46:56.0992 1520 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:46:56.0993 1520 WacomPen - ok
11:46:57.0056 1520 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:57.0058 1520 WANARP - ok
11:46:57.0064 1520 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:57.0065 1520 Wanarpv6 - ok
11:46:57.0174 1520 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:46:57.0196 1520 wbengine - ok
11:46:57.0244 1520 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:46:57.0251 1520 WbioSrvc - ok
11:46:57.0313 1520 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:46:57.0319 1520 wcncsvc - ok
11:46:57.0355 1520 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:46:57.0358 1520 WcsPlugInService - ok
11:46:57.0529 1520 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:46:57.0530 1520 Wd - ok
11:46:57.0563 1520 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:46:57.0571 1520 Wdf01000 - ok
11:46:57.0588 1520 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:46:57.0592 1520 WdiServiceHost - ok
11:46:57.0595 1520 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:46:57.0598 1520 WdiSystemHost - ok
11:46:57.0650 1520 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:46:57.0656 1520 WebClient - ok
11:46:57.0693 1520 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:46:57.0698 1520 Wecsvc - ok
11:46:57.0721 1520 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:46:57.0725 1520 wercplsupport - ok
11:46:57.0763 1520 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:46:57.0767 1520 WerSvc - ok
11:46:57.0822 1520 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:46:57.0823 1520 WfpLwf - ok
11:46:57.0850 1520 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:46:57.0852 1520 WIMMount - ok
11:46:58.0109 1520 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:46:58.0120 1520 WinDefend - ok
11:46:58.0127 1520 WinHttpAutoProxySvc - ok
11:46:58.0320 1520 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:46:58.0324 1520 Winmgmt - ok
11:46:58.0441 1520 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:46:58.0463 1520 WinRM - ok
11:46:58.0684 1520 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:46:58.0685 1520 WinUsb - ok
11:46:58.0782 1520 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:46:58.0797 1520 Wlansvc - ok
11:46:59.0114 1520 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:46:59.0139 1520 wlidsvc - ok
11:46:59.0678 1520 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:46:59.0679 1520 WmiAcpi - ok
11:46:59.0836 1520 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:46:59.0840 1520 wmiApSrv - ok
11:47:00.0071 1520 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:47:00.0089 1520 WMPNetworkSvc - ok
11:47:00.0143 1520 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:47:00.0146 1520 WPCSvc - ok
11:47:00.0189 1520 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:47:00.0193 1520 WPDBusEnum - ok
11:47:00.0377 1520 WPFFontCache_v0400 - ok
11:47:00.0603 1520 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:47:00.0604 1520 ws2ifsl - ok
11:47:00.0635 1520 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
11:47:00.0639 1520 wscsvc - ok
11:47:00.0642 1520 WSearch - ok
11:47:00.0834 1520 WSWNA1100 (3e366f57cbb540c965bab1f2be6d7998) C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
11:47:00.0839 1520 WSWNA1100 - ok
11:47:00.0989 1520 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:47:01.0020 1520 wuauserv - ok
11:47:01.0594 1520 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:47:01.0596 1520 WudfPf - ok
11:47:01.0661 1520 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:47:01.0664 1520 WUDFRd - ok
11:47:01.0704 1520 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:47:01.0707 1520 wudfsvc - ok
11:47:01.0746 1520 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:47:01.0752 1520 WwanSvc - ok
11:47:01.0815 1520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:47:01.0847 1520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:47:01.0847 1520 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:47:01.0850 1520 Boot (0x1200) (39aded3e78e6cb9f3fdb55ef046f43b3) \Device\Harddisk0\DR0\Partition0
11:47:01.0852 1520 \Device\Harddisk0\DR0\Partition0 - ok
11:47:01.0902 1520 Boot (0x1200) (ac9af14f19dd108b244ba74e7a63f756) \Device\Harddisk0\DR0\Partition1
11:47:01.0904 1520 \Device\Harddisk0\DR0\Partition1 - ok
11:47:01.0904 1520 ============================================================
11:47:01.0904 1520 Scan finished
11:47:01.0904 1520 ============================================================
11:47:01.0915 1344 Detected object count: 1
11:47:01.0915 1344 Actual detected object count: 1
11:50:34.0009 1344 \Device\Harddisk0\DR0\# - copied to quarantine
11:50:34.0010 1344 \Device\Harddisk0\DR0 - copied to quarantine
11:50:34.0054 1344 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:50:34.0088 1344 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:50:34.0091 1344 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:50:34.0096 1344 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:50:34.0101 1344 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:50:34.0113 1344 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:50:34.0124 1344 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:50:34.0125 1344 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:50:34.0127 1344 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:50:34.0130 1344 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:50:34.0133 1344 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:50:34.0135 1344 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:50:34.0159 1344 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:50:34.0161 1344 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:50:34.0167 1344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:50:34.0169 1344 \Device\Harddisk0\DR0 - ok
11:50:34.0507 1344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:47:07.0063 0708 Deinitialize success

#6 dshah

Posted 10 August 2012 - 12:36 PM

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by b at 13:33:58 on 2012-08-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3035.1638 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\b\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\b\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{738C3D53-8CE9-4ABD-AB9C-91406690FF9D} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2131603 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2534356 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2634656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\8797A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FB1B0C6B-49AF-4750-897B-F593FA233E0B} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\pebbyxtb.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\b\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\b\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-8-4 21728]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-8-4 20384]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_229f3aff50320689\AEstSrv.exe [2011-2-21 73728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-31 652872]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2011-8-4 278528]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-25 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-14 116648]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-8-4 1484800]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-14 116648]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2011-8-4 954368]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-27 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-27 52224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 AMPingService;AMPingService;c:\users\b\appdata\local\temp\amping.exe --> c:\users\b\appdata\local\temp\AMPing.exe [?]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-28 227896]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2011-2-21 24652]
.
=============== Created Last 30 ================
.
2012-08-10 11:41:10 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ae603427-4d00-4c15-998a-330647589118}\mpengine.dll
2012-08-01 21:09:26 -------- d-----w- c:\users\b\appdata\roaming\Auslogics
2012-08-01 21:09:22 -------- d-----w- c:\program files\Auslogics
2012-08-01 19:16:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-01 19:16:18 -------- d-----w- c:\users\b\appdata\local\temp
2012-08-01 15:50:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 15:48:32 -------- d-----w- c:\program files\ESET
2012-08-01 14:31:08 98816 ----a-w- c:\windows\sed.exe
2012-08-01 14:31:08 518144 ----a-w- c:\windows\SWREG.exe
2012-08-01 14:31:08 256000 ----a-w- c:\windows\PEV.exe
2012-08-01 14:31:08 208896 ----a-w- c:\windows\MBR.exe
2012-08-01 12:50:04 -------- d-----w- c:\program files\CCleaner
2012-07-31 03:02:51 -------- d-----w- c:\users\b\appdata\roaming\PC Cleaners
2012-07-31 03:01:58 4142392 ----a-w- c:\windows\uninst.exe
2012-07-31 03:01:58 -------- d-----w- c:\users\b\appdata\roaming\PCPro
2012-07-31 03:01:57 -------- d-----w- c:\programdata\PC1Data
2012-07-31 01:13:55 -------- d-----w- c:\program files\NirSoft
2012-07-31 00:55:41 -------- d-----w- c:\programdata\Bomgar-SCC-50172D0D
2012-07-28 01:39:55 -------- d-----w- c:\programdata\Tarma Installer
2012-07-28 01:27:49 -------- d-----w- c:\program files\Noguska
2012-07-12 07:03:16 2345984 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:35:19.32 ===============

#7 dshah

Posted 10 August 2012 - 12:37 PM

Attach text log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2011 9:02:04 PM
System Uptime: 8/8/2012 5:32:32 PM (44 hours ago)
.
Motherboard: Compal | | 30F7
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 73.945 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.721 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP291: 8/2/2012 3:00:17 AM - Windows Update
RP292: 8/3/2012 3:00:10 AM - Windows Update
RP293: 8/4/2012 3:00:14 AM - Windows Update
RP294: 8/5/2012 3:00:14 AM - Windows Update
RP295: 8/6/2012 3:00:14 AM - Windows Update
RP296: 8/7/2012 3:00:10 AM - Windows Update
RP297: 8/8/2012 3:00:17 AM - Windows Update
RP298: 8/9/2012 3:00:14 AM - Windows Update
RP299: 8/10/2012 3:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player
Agere Systems HDA Modem
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
ATI Catalyst Install Manager
Auslogics Disk Defrag
Bing Rewards Client Installer
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Cards_Calendar_OrderGift_DoMorePlugout
CDBurnerXP
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink DVD Suite
CyberLink YouCam
Download Updater (AOL LLC)
ESET Online Scanner v3
ESU for Microsoft Vista
Facebook Video Calling 1.2.0.159
Google Chrome
Google Earth Plug-in
Google Update Helper
Google Updater
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MULTIPLE MODEM INSTALLER for VISTA
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0101
HP Wireless Assistant
HPDiagnosticAlert
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
I.R.I.S. OCR
IDT Audio
Intel® Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 29
Java™ 6 Update 5
Java™ 7 Update 4
JavaFX 2.1.0
JMicron JMB38X Flash Media Controller
LabelPrint
LightScribe System Software 1.12.33.2
magicJack
Malwarebytes Anti-Malware version 1.60.0.1800
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
NETGEAR WNA1100 wireless USB 2.0 adapter
NirSoft BlueScreenView
Norton Security Scan
PhotoFiltre
Picasa 3
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PSSWCORE
QLBCASL
QuickPlay SlingPlayer 0.4.6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
RealUpgrade 1.1
runtime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
Slingbox Flash Tour
SlingPlayer
Spybot - Search & Destroy
System Requirements Lab for Intel
Touch Pad Driver
TWC Customer Controls
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VideoToolkit01
Viewpoint Media Player
VLC media player 2.0.1
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 7 (32-bit)
Xvid 1.2.1 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 1:43:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x854ff7c0, 0x00030030, 0x854ff7c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080712-31106-01.
8/10/2012 3:01:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
.
==== End Of File ===========================

#8 dshah

Posted 10 August 2012 - 04:19 PM

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-10 17:09:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-12
Running: 9d725rij.exe; Driver: C:\Users\b\AppData\Local\Temp\pxldqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4C3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E85D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE peauth.sys 9C567B9B 72 Bytes JMP 99ADAC7B
? C:\Users\b\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4504] USER32.dll!RegisterMessagePumpHook + 2F1 75D08B9E 7 Bytes JMP 6122C453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4504] USER32.dll!IsDialogMessageW + 340 75D14444 7 Bytes JMP 6122C3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4504] USER32.dll!GetWindowInfo 75D14B5E 5 Bytes JMP 60FEBACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4504] USER32.dll!ToUnicodeEx + 71 75D22223 7 Bytes JMP 60FEC0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[4844] kernel32.dll!SetUnhandledExceptionFilter 775DF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5580] ntdll.dll!LdrGetProcedureAddress + 26 776D2239 7 Bytes JMP 60E6B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5580] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 775D93D6 7 Bytes JMP 6111B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5580] kernel32.dll!QueryPerformanceCounter + 13 775DC435 7 Bytes JMP 6111B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5580] GDI32.dll!GetViewportOrgEx + 26C 76E8884B 7 Bytes JMP 6111B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E6B47C90-917D-4FE4-A166-5333FF59C8DD}\Connection@Name isatap.{CB9A08EB-E228-410E-9218-DDAB59B271C5}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{C6751139-63A3-462B-B1DB-C4D215D2B772}?\Device\{E6B47C90-917D-4FE4-A166-5333FF59C8DD}?\Device\{8D152AA8-8CA5-4225-98FD-B730EA920C36}?\Device\{1D5B5560-CFD8-444C-A34C-7402C1D6A065}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{C6751139-63A3-462B-B1DB-C4D215D2B772}"?"{E6B47C90-917D-4FE4-A166-5333FF59C8DD}"?"{8D152AA8-8CA5-4225-98FD-B730EA920C36}"?"{1D5B5560-CFD8-444C-A34C-7402C1D6A065}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{C6751139-63A3-462B-B1DB-C4D215D2B772}?\Device\TCPIP6TUNNEL_{E6B47C90-917D-4FE4-A166-5333FF59C8DD}?\Device\TCPIP6TUNNEL_{8D152AA8-8CA5-4225-98FD-B730EA920C36}?\Device\TCPIP6TUNNEL_{1D5B5560-CFD8-444C-A34C-7402C1D6A065}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E6B47C90-917D-4FE4-A166-5333FF59C8DD}@InterfaceName isatap.{CB9A08EB-E228-410E-9218-DDAB59B271C5}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E6B47C90-917D-4FE4-A166-5333FF59C8DD}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#9 Oh My!

  • Malware Response Instructor
Posted 10 August 2012 - 06:11 PM

Greetings dshah,

Thank you for the information. There is a little bit I would like you to do in this first post and several things I would like you to consider.

Please review and then perform the following.


===================================================


BACKDOOR WARNING!

Your log shows that TDSSKiller removed Rootkit.Boot.Pihar.c, which is a backdoor trojan as described below.

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.

Reboot your computer prior to the next step.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Posting Previous ComboFix Log

--------------------

It appears that Combofix was run sometime prior to my request and I would like to evaluate that information. Please copy and paste the listed file in your reply.

  • c:\qoobox\combofix2.txt

===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • BSOD.txt
  • Combofix2.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

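The BSOD.txt report requested in the post above is a series of `Key : Value` records separated by rows of `=`. The following Python is an added example, not part of the thread or of BlueScreenView: it groups such records by stop code and blamed driver and counts stack modules that fall outside a caller-supplied allowlist. The sample records, the name `example3p.sys` and the `OS_MODULES` allowlist are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of a BlueScreenView text report:
# "Key : Value" lines grouped into records between rows of '=' characters.
SAMPLE_REPORT = """\
==================================================
Dump File : sample-01.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Caused By Driver : ataport.SYS
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : example3p.sys+b4a
Full Path : C:\\Windows\\Minidump\\sample-01.dmp
==================================================

==================================================
Dump File : sample-02.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Caused By Driver : ntkrnlpa.exe
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
==================================================

==================================================
Dump File : sample-03.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Caused By Driver : ataport.SYS
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : example3p.sys+b4a
==================================================
"""

# Hypothetical allowlist of OS components; the caller decides what belongs here.
OS_MODULES = {"ntkrnlpa.exe", "ataport.sys", "fltmgr.sys"}

SEPARATOR = re.compile(r"^=+\s*$")
# The key never contains ':', the value may (for example "C:\Windows\...").
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")


def parse_report(text):
    """Split the report into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if SEPARATOR.match(line):
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD.match(line.strip())
        if m:
            current[m.group(1)] = m.group(2).strip()
    if current:  # report cut off before the closing separator
        records.append(current)
    return records


def canonical_code(record):
    """Bug check code as an int, folding 0x1000007e / 0x1000008e style codes
    onto 0x7e / 0x8e, which Microsoft documents as having the same meaning."""
    code = int(record.get("Bug Check Code") or "0", 16)
    if code >> 28 == 0x1:  # only the 0x1....... form, so 0xdeaddead is untouched
        code &= 0x0FFFFFFF
    return code


def stack_modules(record):
    """Module names from the 'Stack Address N' fields, offsets removed."""
    mods = []
    for key in sorted(k for k in record if k.startswith("Stack Address")):
        if record[key]:  # empty slots are common
            mods.append(record[key].rsplit("+", 1)[0].lower())
    return mods


def triage(records, os_modules):
    """Count dumps per (stop code, blamed driver) and per non-allowlisted module."""
    by_crash, off_list = Counter(), Counter()
    for rec in records:
        blamed = rec.get("Caused By Driver", "").lower()
        by_crash[(canonical_code(rec), blamed)] += 1
        # Count each module once per dump so one deep stack does not skew totals.
        for mod in set(stack_modules(rec)) | {blamed}:
            if mod and mod not in os_modules:
                off_list[mod] += 1
    return by_crash, off_list


if __name__ == "__main__":
    crashes, leads = triage(parse_report(SAMPLE_REPORT), OS_MODULES)
    for (code, driver), n in crashes.most_common():
        print(f"{n:3d}  0x{code:08x}  {driver}")
    for mod, n in leads.most_common():
        print(f"outside allowlist, seen in {n} dump(s): {mod}")
```

A module outside the allowlist that recurs on the stack of crashes blamed on an OS driver is a lead to examine, not proof of cause.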
#10 dshah

Posted 10 August 2012 - 07:22 PM

I do not want to reinstall my operating system. I would like to clean up my system.

log of blue screen view death:

==================================================
Dump File : 080712-31106-01.dmp
Crash Time : 8/7/2012 1:43:38 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000003
Parameter 2 : 0x854ff7c0
Parameter 3 : 0x00030030
Parameter 4 : 0x854ff7c0
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+1fe7e
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+12068c
Stack Address 1 : fltmgr.sys+1fe7e
Stack Address 2 : fltmgr.sys+20df4
Stack Address 3 : fltmgr.sys+21505
Computer Name :
Full Path : C:\Windows\Minidump\080712-31106-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 080112-28220-01.dmp
Crash Time : 8/1/2012 11:30:23 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8359a487
Parameter 3 : 0xb41abf7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\080112-28220-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 080112-30732-01.dmp
Crash Time : 8/1/2012 9:01:54 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000076
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ed58cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080112-30732-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,800
==================================================

==================================================
Dump File : 080112-44491-01.dmp
Crash Time : 8/1/2012 8:52:57 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x824670a8
Parameter 3 : 0x8b81f864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+22d0a8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+22d0a8
Stack Address 1 : ntkrnlpa.exe+240f5d
Stack Address 2 : ntkrnlpa.exe+223d4a
Stack Address 3 : ntkrnlpa.exe+224360
Computer Name :
Full Path : C:\Windows\Minidump\080112-44491-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 139,216
==================================================

==================================================
Dump File : 073112-34663-01.dmp
Crash Time : 7/31/2012 11:49:50 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835cb487
Parameter 3 : 0xb74bef7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-34663-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-34117-01.dmp
Crash Time : 7/31/2012 6:04:58 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x008407b9
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e958cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34117-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-30903-01.dmp
Crash Time : 7/31/2012 5:13:31 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82eb7c50
Parameter 3 : 0xb96f4b4c
Parameter 4 : 0xb96f4730
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a1c50
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a1c50
Stack Address 1 : ntkrnlpa.exe+a89e7
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-30903-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-32073-01.dmp
Crash Time : 7/31/2012 5:08:32 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x04190077
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ed18cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-32073-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-30451-01.dmp
Crash Time : 7/31/2012 5:04:26 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835c7487
Parameter 3 : 0xae3d6f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-30451-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-28407-01.dmp
Crash Time : 7/31/2012 3:20:55 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x824640a8
Parameter 3 : 0x8b82b864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+22d0a8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+22d0a8
Stack Address 1 : ntkrnlpa.exe+240f5d
Stack Address 2 : ntkrnlpa.exe+223d4a
Stack Address 3 : ntkrnlpa.exe+224360
Computer Name :
Full Path : C:\Windows\Minidump\073112-28407-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 139,216
==================================================

==================================================
Dump File : 073112-31231-01.dmp
Crash Time : 7/31/2012 3:12:40 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x08180077
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x822d98cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-31231-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 139,216
==================================================

==================================================
Dump File : 073112-34569-02.dmp
Crash Time : 7/31/2012 3:09:53 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x08210006
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82eb29fc
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+799fc
Stack Address 2 : ntkrnlpa.exe+77553
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34569-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-29952-01.dmp
Crash Time : 7/31/2012 6:05:36 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82ef3c50
Parameter 3 : 0x8d313b4c
Parameter 4 : 0x8d313730
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a1c50
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a1c50
Stack Address 1 : ntkrnlpa.exe+a89e7
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-29952-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-36753-01.dmp
Crash Time : 7/31/2012 6:00:37 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x0000327d
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e8f8cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-36753-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-33119-01.dmp
Crash Time : 7/31/2012 5:54:30 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x830300a8
Parameter 3 : 0xb2e44864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+22d0a8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+22d0a8
Stack Address 1 : ntkrnlpa.exe+240f5d
Stack Address 2 : ntkrnlpa.exe+223d4a
Stack Address 3 : ntkrnlpa.exe+224360
Computer Name :
Full Path : C:\Windows\Minidump\073112-33119-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,800
==================================================

==================================================
Dump File : 073112-35037-01.dmp
Crash Time : 7/31/2012 5:43:25 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000074
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e958cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-35037-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-34881-01.dmp
Crash Time : 7/31/2012 5:37:31 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000077
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e908cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34881-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-33930-01.dmp
Crash Time : 7/31/2012 5:31:18 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x830730a8
Parameter 3 : 0xb25dc864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+22d0a8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+22d0a8
Stack Address 1 : ntkrnlpa.exe+240f5d
Stack Address 2 : ntkrnlpa.exe+223d4a
Stack Address 3 : ntkrnlpa.exe+224360
Computer Name :
Full Path : C:\Windows\Minidump\073112-33930-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,800
==================================================

==================================================
Dump File : 073112-34632-01.dmp
Crash Time : 7/31/2012 5:20:18 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x008407b9
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ebf8cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34632-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-34133-01.dmp
Crash Time : 7/31/2012 5:14:06 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x0000007b
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ec68cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34133-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-34523-01.dmp
Crash Time : 7/31/2012 5:07:54 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x04090077
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ed68cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34523-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-36083-01.dmp
Crash Time : 7/31/2012 5:01:46 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x0012020a
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ea28cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-36083-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-38547-01.dmp
Crash Time : 7/31/2012 4:55:19 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00101699
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e868cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-38547-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-32900-01.dmp
Crash Time : 7/31/2012 4:48:50 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x83598487
Parameter 3 : 0xb36d6f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-32900-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-37299-01.dmp
Crash Time : 7/31/2012 4:40:40 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835cb487
Parameter 3 : 0xaf13af7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-37299-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-33602-01.dmp
Crash Time : 7/31/2012 4:32:31 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x830740a8
Parameter 3 : 0x8d44a864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+22d0a8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+22d0a8
Stack Address 1 : ntkrnlpa.exe+240f5d
Stack Address 2 : ntkrnlpa.exe+223d4a
Stack Address 3 : ntkrnlpa.exe+224360
Computer Name :
Full Path : C:\Windows\Minidump\073112-33602-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,800
==================================================

==================================================
Dump File : 073112-34538-01.dmp
Crash Time : 7/31/2012 4:21:45 AM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x00000004
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82f634c1
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+1204c1
Stack Address 2 : ntkrnlpa.exe+85fd5
Stack Address 3 : ntkrnlpa.exe+94482
Computer Name :
Full Path : C:\Windows\Minidump\073112-34538-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-43695-01.dmp
Crash Time : 7/31/2012 4:15:46 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8359a487
Parameter 3 : 0xb1e12f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-43695-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-33774-01.dmp
Crash Time : 7/31/2012 4:06:34 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835c3487
Parameter 3 : 0xbb6eaf7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-33774-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-35084-01.dmp
Crash Time : 7/31/2012 3:58:42 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8303f0a8
Parameter 3 : 0x978df864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+22d0a8
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+22d0a8
Stack Address 1 : ntkrnlpa.exe+240f5d
Stack Address 2 : ntkrnlpa.exe+223d4a
Stack Address 3 : ntkrnlpa.exe+224360
Computer Name :
Full Path : C:\Windows\Minidump\073112-35084-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-36348-01.dmp
Crash Time : 7/31/2012 3:52:50 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835c3487
Parameter 3 : 0xb2ec6f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-36348-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-34741-01.dmp
Crash Time : 7/31/2012 3:44:40 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x04190077
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ece8cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-34741-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-40544-01.dmp
Crash Time : 7/31/2012 3:38:47 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8377e487
Parameter 3 : 0xbf1c0f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-40544-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-36925-01.dmp
Crash Time : 7/31/2012 3:29:29 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000074
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ebd8cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-36925-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-38048-01.dmp
Crash Time : 7/31/2012 3:23:04 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82eb79fc
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+799fc
Stack Address 2 : ntkrnlpa.exe+77553
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-38048-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-35521-01.dmp
Crash Time : 7/31/2012 3:16:53 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000074
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ec18cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-35521-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-33540-01.dmp
Crash Time : 7/31/2012 3:10:57 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82eb4c50
Parameter 3 : 0xaea45b4c
Parameter 4 : 0xaea45730
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a1c50
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a1c50
Stack Address 1 : ntkrnlpa.exe+a89e7
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073112-33540-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,800
==================================================

==================================================
Dump File : 073112-37658-01.dmp
Crash Time : 7/31/2012 3:00:14 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x837b9487
Parameter 3 : 0xb65d2f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-37658-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,864
==================================================

==================================================
Dump File : 073112-30030-01.dmp
Crash Time : 7/31/2012 2:01:00 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835a4487
Parameter 3 : 0xaeb4ef7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-30030-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 073112-27534-01.dmp
Crash Time : 7/31/2012 1:15:12 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x835bc487
Parameter 3 : 0xb55c2f7c
Parameter 4 : 0x00000000
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+6487
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ataport.SYS+6487
Stack Address 1 : ntkrnlpa.exe+375be
Stack Address 2 : ntkrnlpa.exe+1f6a34
Stack Address 3 : mbam.sys+b4a
Computer Name :
Full Path : C:\Windows\Minidump\073112-27534-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,864
==================================================

==================================================
Dump File : 073012-39047-01.dmp
Crash Time : 7/30/2012 10:44:06 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x08870077
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82ea18cb
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4165b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17803 (win7sp1_gdr.120330-1504)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4165b
Stack Address 1 : ntkrnlpa.exe+838cb
Stack Address 2 : ntkrnlpa.exe+9be09
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\073012-39047-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,848
==================================================

==================================================
Dump File : 072311-50466-01.dmp
Crash Time : 7/23/2011 2:58:23 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x0000007f
Parameter 1 : 0x00000000
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : igdkmd32.sys
Caused By Address : igdkmd32.sys+12e489
File Description : Intel Graphics Kernel Mode Driver
Product Name : Intel Graphics Accelerator Drivers for Windows XP®
Company : Intel Corporation
File Version : 8.15.10.2413
Processor : 32-bit
Crash Address : ntkrnlpa.exe+3f04b
Stack Address 1 : igdkmd32.sys+12e489
Stack Address 2 : igdkmd32.sys+1435c7
Stack Address 3 : igdkmd32.sys+14348e
Computer Name :
Full Path : C:\Windows\Minidump\072311-50466-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 145,272
==================================================

combofix log:

ComboFix 12-07-31.03 - b 08/01/2012 14:59:59.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3035.1722 [GMT -4:00]
Running from: c:\users\b\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\b\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 19:13 . 2012-08-01 19:13 -------- d-----w- c:\users\b\AppData\Local\temp
2012-08-01 19:13 . 2012-08-01 19:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-01 19:13 . 2012-08-01 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 18:58 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04E4FCA8-90FC-4199-A378-6A59D2F23A9E}\mpengine.dll
2012-08-01 15:50 . 2012-08-01 15:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 15:48 . 2012-08-01 15:48 -------- d-----w- c:\program files\ESET
2012-08-01 13:55 . 2012-08-01 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-08-01 12:50 . 2012-08-01 12:50 -------- d-----w- c:\program files\CCleaner
2012-07-31 03:02 . 2012-07-31 03:02 -------- d-----w- c:\users\b\AppData\Roaming\PC Cleaners
2012-07-31 03:01 . 2012-07-31 03:02 -------- d-----w- c:\users\b\AppData\Roaming\PCPro
2012-07-31 03:01 . 2012-07-31 03:01 4142392 ----a-w- c:\windows\uninst.exe
2012-07-31 03:01 . 2012-07-31 03:01 -------- d-----w- c:\program files\PC Cleaners
2012-07-31 03:01 . 2012-07-31 03:01 -------- d-----w- c:\programdata\PC1Data
2012-07-31 02:55 . 2012-07-31 02:55 -------- d-----w- c:\users\b\AppData\Roaming\Uniblue
2012-07-31 02:55 . 2012-07-31 02:55 -------- d-----w- c:\program files\Uniblue
2012-07-31 01:13 . 2012-07-31 01:13 -------- d-----w- c:\program files\NirSoft
2012-07-31 00:55 . 2012-07-31 02:38 -------- d-----w- c:\programdata\Bomgar-SCC-50172D0D
2012-07-28 01:39 . 2012-07-28 01:39 -------- d-----w- c:\programdata\Tarma Installer
2012-07-28 01:27 . 2012-07-28 01:27 -------- d-----w- c:\program files\Noguska
2012-07-12 07:03 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:45 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:45 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:45 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:45 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:45 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:25 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:25 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 07:25 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:25 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 07:25 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 07:25 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 07:25 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 07:25 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-23 13:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 13:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 13:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 13:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 13:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 13:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 13:05 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 13:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-23 13:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2011-02-22 04:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-18 19:04 . 2012-01-18 22:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2010-11-20 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]
.
c:\users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\users\b\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2012-07-10 04:09 1250328 ----a-w- c:\users\b\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 01:38 138096 ----atw- c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-22 01:59 136176 ----atw- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2011-09-23 22:42 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 22:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 22:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Cleaners]
2012-07-31 03:01 51979064 ----a-w- c:\program files\PC Cleaners\PCCleaners.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 20:19 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2012-07-08 18:39 68000 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-02-01 02:18 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMPingService;AMPingService;c:\users\b\AppData\Local\Temp\AMPing.exe [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [x]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
- c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 01:38]
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
- c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 01:38]
.
2012-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-25 22:42]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 00:53]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 00:53]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 01:59]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 01:59]
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForb.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2012-07-22 c:\windows\Tasks\Norton Security Scan for b.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-03 07:42]
.
2012-07-31 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-31 18:39]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-01 15:16:17
ComboFix-quarantined-files.txt 2012-08-01 19:16
ComboFix2.txt 2012-08-01 14:54
.
Pre-Run: 75,355,377,664 bytes free
Post-Run: 75,602,325,504 bytes free
.
- - End Of File - - 24E9D5C8FA8544B623D9B29EFBDBDA16

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:29 AM

Posted 10 August 2012 - 07:56 PM

Greetings dshah,

Thank you for the information. We are going to follow up on some information contained in the BSOD report.

Please perform the following for me.


===================================================


Run sfc /scannow from Elevated Command

--------------------

  • Click Start and Type cmd
  • Right click on Posted Image and select Posted Image
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Type the following at the Command Prompt and press Enter

    sfc /scannow

  • Upon completion, if you are notified corrupted files were found and repaired please do the following
  • Copy and paste the following after the command prompt and press Enter

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

  • A sfcdetails.txt document will be placed on your desktop
  • Copy and paste the contents of that file in your reply
  • If sfc /scannow detected corrupted files please reboot your computer to see if you notice any difference

===================================================


Things I would like to see in your next reply.

  • Were any files repaired and if so I would like to see sfcdetails.txt
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:06:29 AM

Posted 11 August 2012 - 08:51 AM

Windows protection did not find any integrity violations.

My computer is running about the same. It runs slow, pop-ups come up, it is slow to boot up, and some of the programs take a while to respond, especially Adobe.

#13 Oh My!


Posted 11 August 2012 - 01:46 PM

Greetings dshah,

Please perform the following for me.


===================================================


FixTDSS.exe

--------------------

  • Download FixTDSS.exe and save it to your desktop
  • Close all running programs
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start and allow process to complete
  • Restart the computer when prompted to do so
  • Upon restart you will be informed about the state of infection. Include that information in your reply

===================================================


Please re-run TDSSKiller


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Results from FixTDSS
  • TDSSKiller log
  • How is your computer running now?

Gary
 

#14 dshah


Posted 12 August 2012 - 08:14 AM

FixTDSS said that backdoor trojans were not found on my computer.

My computer has been running kind of the same. I don't think I have noticed any changes.


TDSSkiller log:

09:12:25.0892 3880 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:12:26.0166 3880 ============================================================
09:12:26.0166 3880 Current date / time: 2012/08/12 09:12:26.0166
09:12:26.0166 3880 SystemInfo:
09:12:26.0166 3880
09:12:26.0166 3880 OS Version: 6.1.7601 ServicePack: 1.0
09:12:26.0166 3880 Product type: Workstation
09:12:26.0166 3880 ComputerName: B-PC
09:12:26.0183 3880 UserName: b
09:12:26.0184 3880 Windows directory: C:\Windows
09:12:26.0184 3880 System windows directory: C:\Windows
09:12:26.0184 3880 Processor architecture: Intel x86
09:12:26.0184 3880 Number of processors: 2
09:12:26.0184 3880 Page size: 0x1000
09:12:26.0184 3880 Boot type: Normal boot
09:12:26.0184 3880 ============================================================
09:12:28.0062 3880 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:12:28.0066 3880 ============================================================
09:12:28.0066 3880 \Device\Harddisk0\DR0:
09:12:28.0066 3880 MBR partitions:
09:12:28.0066 3880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1156FFC1
09:12:28.0066 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11570000, BlocksNum 0x14A8000
09:12:28.0066 3880 ============================================================
09:12:28.0097 3880 C: <-> \Device\Harddisk0\DR0\Partition0
09:12:28.0141 3880 D: <-> \Device\Harddisk0\DR0\Partition1
09:12:28.0142 3880 ============================================================
09:12:28.0142 3880 Initialize success
09:12:28.0142 3880 ============================================================
09:12:29.0786 3376 ============================================================
09:12:29.0786 3376 Scan started
09:12:29.0786 3376 Mode: Manual;
09:12:29.0786 3376 ============================================================
09:12:31.0600 3376 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:12:31.0605 3376 1394ohci - ok
09:12:31.0678 3376 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:12:31.0679 3376 Accelerometer - ok
09:12:31.0750 3376 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:12:31.0756 3376 ACPI - ok
09:12:31.0829 3376 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:12:31.0831 3376 AcpiPmi - ok
09:12:32.0022 3376 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:12:32.0023 3376 AdobeARMservice - ok
09:12:32.0134 3376 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:12:32.0145 3376 adp94xx - ok
09:12:32.0194 3376 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:12:32.0202 3376 adpahci - ok
09:12:32.0259 3376 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:12:32.0264 3376 adpu320 - ok
09:12:32.0335 3376 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:12:32.0337 3376 AeLookupSvc - ok
09:12:32.0565 3376 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe
09:12:32.0566 3376 AESTFilters - ok
09:12:32.0671 3376 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:12:32.0677 3376 AFD - ok
09:12:32.0816 3376 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
09:12:32.0835 3376 AgereSoftModem - ok
09:12:32.0878 3376 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:12:32.0880 3376 agp440 - ok
09:12:32.0953 3376 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:12:32.0955 3376 aic78xx - ok
09:12:57.0522 3376 rdyboost - ok
09:12:57.0637 3376 Recovery Service for Windows (431723f23d0e065bef502389e8ffdc10) C:\Windows\SMINST\BLService.exe
09:12:57.0651 3376 Recovery Service for Windows - ok
09:12:57.0715 3376 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:12:57.0722 3376 RemoteAccess - ok
09:12:57.0777 3376 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:12:57.0787 3376 RemoteRegistry - ok
09:12:57.0956 3376 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
09:12:57.0961 3376 RichVideo - ok
09:12:57.0990 3376 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:12:57.0998 3376 RpcEptMapper - ok
09:12:58.0040 3376 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:12:58.0045 3376 RpcLocator - ok
09:12:58.0119 3376 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:12:58.0131 3376 RpcSs - ok
09:12:58.0277 3376 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:12:58.0280 3376 rspndr - ok
09:12:58.0361 3376 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:12:58.0367 3376 RTL8167 - ok
09:12:58.0441 3376 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:12:58.0446 3376 RTL8169 - ok
09:12:58.0494 3376 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
09:12:58.0496 3376 s3cap - ok
09:12:58.0568 3376 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:12:58.0572 3376 SamSs - ok
09:12:58.0631 3376 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:12:58.0635 3376 sbp2port - ok
09:12:58.0735 3376 scan (90e4994582ca688cd6f93af4e2870188) C:\Program Files\Immunet Protect\tetra\scan.dll
09:12:58.0746 3376 scan - ok
09:12:58.0815 3376 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:12:58.0826 3376 SCardSvr - ok
09:12:58.0881 3376 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:12:58.0884 3376 scfilter - ok
09:12:59.0009 3376 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:12:59.0033 3376 Schedule - ok
09:12:59.0070 3376 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
09:12:59.0072 3376 SCMNdisP - ok
09:12:59.0128 3376 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:12:59.0131 3376 SCPolicySvc - ok
09:12:59.0192 3376 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:12:59.0202 3376 SDRSVC - ok
09:12:59.0264 3376 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:12:59.0266 3376 secdrv - ok
09:12:59.0320 3376 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:12:59.0327 3376 seclogon - ok
09:12:59.0399 3376 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
09:12:59.0407 3376 SENS - ok
09:12:59.0445 3376 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:12:59.0453 3376 SensrSvc - ok
09:12:59.0482 3376 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:12:59.0485 3376 Serenum - ok
09:12:59.0523 3376 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:12:59.0526 3376 Serial - ok
09:12:59.0567 3376 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:12:59.0569 3376 sermouse - ok
09:12:59.0637 3376 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:12:59.0647 3376 SessionEnv - ok
09:12:59.0681 3376 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:12:59.0683 3376 sffdisk - ok
09:12:59.0708 3376 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:12:59.0710 3376 sffp_mmc - ok
09:12:59.0728 3376 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:12:59.0730 3376 sffp_sd - ok
09:12:59.0745 3376 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:12:59.0748 3376 sfloppy - ok
09:12:59.0869 3376 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
09:12:59.0880 3376 SharedAccess - ok
09:12:59.0953 3376 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:12:59.0967 3376 ShellHWDetection - ok
09:12:59.0998 3376 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:13:00.0002 3376 sisagp - ok
09:13:00.0051 3376 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:13:00.0054 3376 SiSRaid2 - ok
09:13:00.0075 3376 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:13:00.0079 3376 SiSRaid4 - ok
09:13:00.0119 3376 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:13:00.0123 3376 Smb - ok
09:13:00.0215 3376 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:13:00.0222 3376 SNMPTRAP - ok
09:13:00.0235 3376 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:13:00.0237 3376 spldr - ok
09:13:00.0312 3376 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:13:00.0326 3376 Spooler - ok
09:13:00.0699 3376 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:13:00.0798 3376 sppsvc - ok
09:13:00.0992 3376 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:13:01.0001 3376 sppuinotify - ok
09:13:01.0096 3376 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:13:01.0105 3376 srv - ok
09:13:01.0166 3376 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:13:01.0175 3376 srv2 - ok
09:13:01.0211 3376 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:13:01.0215 3376 srvnet - ok
09:13:01.0273 3376 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:13:01.0284 3376 SSDPSRV - ok
09:13:01.0303 3376 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:13:01.0312 3376 SstpSvc - ok
09:13:01.0519 3376 STacSV (fe7f776f2590c8331123bda3a3a21de6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
09:13:01.0525 3376 STacSV - ok
09:13:01.0578 3376 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:13:01.0581 3376 stexstor - ok
09:13:01.0677 3376 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
09:13:01.0690 3376 STHDA - ok
09:13:01.0754 3376 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
09:13:01.0756 3376 StillCam - ok
09:13:01.0848 3376 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:13:01.0867 3376 StiSvc - ok
09:13:01.0954 3376 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:13:01.0956 3376 storflt - ok
09:13:01.0986 3376 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:13:01.0989 3376 storvsc - ok
09:13:02.0143 3376 SupportSoft RemoteAssist (42fef84684d217870f3c8813b6f58276) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
09:13:02.0151 3376 SupportSoft RemoteAssist - ok
09:13:02.0182 3376 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:13:02.0183 3376 swenum - ok
09:13:02.0259 3376 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:13:02.0275 3376 swprv - ok
09:13:02.0299 3376 Synth3dVsc - ok
09:13:02.0482 3376 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:13:02.0515 3376 SysMain - ok
09:13:02.0566 3376 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:13:02.0577 3376 TabletInputService - ok
09:13:02.0646 3376 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:13:02.0658 3376 TapiSrv - ok
09:13:02.0714 3376 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:13:02.0723 3376 TBS - ok
09:13:02.0992 3376 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
09:13:03.0023 3376 Tcpip - ok
09:13:03.0099 3376 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
09:13:03.0120 3376 TCPIP6 - ok
09:13:03.0185 3376 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:13:03.0187 3376 tcpipreg - ok
09:13:03.0233 3376 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:13:03.0236 3376 TDPIPE - ok
09:13:03.0290 3376 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
09:13:03.0292 3376 TDTCP - ok
09:13:03.0340 3376 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:13:03.0344 3376 tdx - ok
09:13:03.0391 3376 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:13:03.0393 3376 TermDD - ok
09:13:03.0494 3376 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:13:03.0514 3376 TermService - ok
09:13:03.0576 3376 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:13:03.0584 3376 Themes - ok
09:13:03.0643 3376 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:13:03.0653 3376 THREADORDER - ok
09:13:03.0696 3376 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:13:03.0705 3376 TrkWks - ok
09:13:03.0792 3376 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:13:03.0799 3376 TrustedInstaller - ok
09:13:03.0845 3376 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:13:03.0852 3376 tssecsrv - ok
09:13:03.0928 3376 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:13:03.0931 3376 TsUsbFlt - ok
09:13:03.0954 3376 tsusbhub - ok
09:13:04.0032 3376 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:13:04.0036 3376 tunnel - ok
09:13:04.0092 3376 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:13:04.0096 3376 uagp35 - ok
09:13:04.0159 3376 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:13:04.0167 3376 udfs - ok
09:13:04.0237 3376 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:13:04.0245 3376 UI0Detect - ok
09:13:04.0328 3376 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:13:04.0331 3376 uliagpkx - ok
09:13:04.0381 3376 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
09:13:04.0383 3376 umbus - ok
09:13:04.0430 3376 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:13:04.0432 3376 UmPass - ok
09:13:04.0507 3376 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
09:13:04.0519 3376 UmRdpService - ok
09:13:04.0601 3376 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:13:04.0614 3376 upnphost - ok
09:13:04.0690 3376 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
09:13:04.0693 3376 USBAAPL - ok
09:13:04.0770 3376 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
09:13:04.0774 3376 usbaudio - ok
09:13:04.0816 3376 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:13:04.0819 3376 usbccgp - ok
09:13:04.0858 3376 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:13:04.0862 3376 usbcir - ok
09:13:04.0901 3376 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
09:13:04.0906 3376 usbehci - ok
09:13:04.0956 3376 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:13:04.0965 3376 usbhub - ok
09:13:05.0034 3376 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
09:13:05.0036 3376 usbohci - ok
09:13:05.0089 3376 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:13:05.0091 3376 usbprint - ok
09:13:05.0145 3376 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:13:05.0148 3376 usbscan - ok
09:13:05.0191 3376 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:13:05.0195 3376 USBSTOR - ok
09:13:05.0245 3376 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:13:05.0247 3376 usbuhci - ok
09:13:05.0334 3376 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
09:13:05.0340 3376 usbvideo - ok
09:13:05.0392 3376 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:13:05.0400 3376 UxSms - ok
09:13:05.0449 3376 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:13:05.0454 3376 VaultSvc - ok
09:13:05.0500 3376 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:13:05.0503 3376 vdrvroot - ok
09:13:05.0634 3376 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:13:05.0654 3376 vds - ok
09:13:05.0703 3376 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:13:05.0706 3376 vga - ok
09:13:05.0720 3376 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:13:05.0722 3376 VgaSave - ok
09:13:05.0747 3376 VGPU - ok
09:13:05.0814 3376 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:13:05.0820 3376 vhdmp - ok
09:13:05.0879 3376 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:13:05.0882 3376 viaagp - ok
09:13:05.0896 3376 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:13:05.0899 3376 ViaC7 - ok
09:13:05.0951 3376 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:13:05.0953 3376 viaide - ok
09:13:06.0094 3376 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
09:13:06.0097 3376 Viewpoint Manager Service - ok
09:13:06.0142 3376 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:13:06.0148 3376 vmbus - ok
09:13:06.0168 3376 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:13:06.0170 3376 VMBusHID - ok
09:13:06.0199 3376 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:13:06.0201 3376 volmgr - ok
09:13:06.0287 3376 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:13:06.0296 3376 volmgrx - ok
09:13:06.0357 3376 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:13:06.0364 3376 volsnap - ok
09:13:06.0415 3376 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:13:06.0420 3376 vsmraid - ok
09:13:06.0580 3376 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:13:06.0613 3376 VSS - ok
09:13:06.0637 3376 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:13:06.0640 3376 vwifibus - ok
09:13:06.0676 3376 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:13:06.0679 3376 vwififlt - ok
09:13:06.0708 3376 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
09:13:06.0710 3376 vwifimp - ok
09:13:06.0793 3376 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:13:06.0807 3376 W32Time - ok
09:13:06.0825 3376 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:13:06.0827 3376 WacomPen - ok
09:13:06.0899 3376 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:13:06.0902 3376 WANARP - ok
09:13:06.0922 3376 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:13:06.0924 3376 Wanarpv6 - ok
09:13:07.0107 3376 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:13:07.0143 3376 wbengine - ok
09:13:07.0213 3376 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:13:07.0227 3376 WbioSrvc - ok
09:13:07.0304 3376 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:13:07.0318 3376 wcncsvc - ok
09:13:07.0352 3376 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:13:07.0365 3376 WcsPlugInService - ok
09:13:07.0460 3376 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:13:07.0462 3376 Wd - ok
09:13:07.0522 3376 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:13:07.0533 3376 Wdf01000 - ok
09:13:07.0565 3376 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:13:07.0581 3376 WdiServiceHost - ok
09:13:07.0592 3376 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:13:07.0601 3376 WdiSystemHost - ok
09:13:07.0686 3376 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:13:07.0699 3376 WebClient - ok
09:13:07.0738 3376 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:13:07.0749 3376 Wecsvc - ok
09:13:07.0774 3376 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:13:07.0782 3376 wercplsupport - ok
09:13:07.0817 3376 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:13:07.0826 3376 WerSvc - ok
09:13:07.0877 3376 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:13:07.0879 3376 WfpLwf - ok
09:13:07.0914 3376 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:13:07.0919 3376 WIMMount - ok
09:13:08.0120 3376 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:13:08.0135 3376 WinDefend - ok
09:13:08.0149 3376 WinHttpAutoProxySvc - ok
09:13:08.0280 3376 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:13:08.0285 3376 Winmgmt - ok
09:13:08.0463 3376 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:13:08.0498 3376 WinRM - ok
09:13:08.0614 3376 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:13:08.0617 3376 WinUsb - ok
09:13:08.0762 3376 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:13:08.0788 3376 Wlansvc - ok
09:13:09.0079 3376 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:13:09.0116 3376 wlidsvc - ok
09:13:09.0344 3376 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:13:09.0345 3376 WmiAcpi - ok
09:13:09.0459 3376 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:13:09.0463 3376 wmiApSrv - ok
09:13:09.0733 3376 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:13:09.0761 3376 WMPNetworkSvc - ok
09:13:09.0819 3376 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:13:09.0828 3376 WPCSvc - ok
09:13:09.0891 3376 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:13:09.0900 3376 WPDBusEnum - ok
09:13:10.0041 3376 WPFFontCache_v0400 - ok
09:13:10.0158 3376 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:13:10.0161 3376 ws2ifsl - ok
09:13:10.0202 3376 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
09:13:10.0228 3376 wscsvc - ok
09:13:10.0277 3376 WSearch - ok
09:13:10.0404 3376 WSWNA1100 (3e366f57cbb540c965bab1f2be6d7998) C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
09:13:10.0414 3376 WSWNA1100 - ok
09:13:10.0691 3376 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
09:13:10.0745 3376 wuauserv - ok
09:13:10.0988 3376 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:13:10.0992 3376 WudfPf - ok
09:13:11.0087 3376 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:13:11.0093 3376 WUDFRd - ok
09:13:11.0183 3376 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:13:11.0194 3376 wudfsvc - ok
09:13:11.0265 3376 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:13:11.0285 3376 WwanSvc - ok
09:13:11.0415 3376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:13:12.0461 3376 \Device\Harddisk0\DR0 - ok
09:13:12.0509 3376 Boot (0x1200) (39aded3e78e6cb9f3fdb55ef046f43b3) \Device\Harddisk0\DR0\Partition0
09:13:12.0516 3376 \Device\Harddisk0\DR0\Partition0 - ok
09:13:12.0560 3376 Boot (0x1200) (ac9af14f19dd108b244ba74e7a63f756) \Device\Harddisk0\DR0\Partition1
09:13:12.0563 3376 \Device\Harddisk0\DR0\Partition1 - ok
09:13:12.0565 3376 ============================================================
09:13:12.0565 3376 Scan finished
09:13:12.0565 3376 ============================================================
09:13:12.0589 2232 Detected object count: 0
09:13:12.0589 2232 Actual detected object count: 0

#15 Oh My!

  • Malware Response Instructor

Posted 12 August 2012 - 08:40 PM

Greetings dshah,

Thank you for the information and your patience as I evaluate your issues.

I would like to check your disk for errors and also get a better look at your Master Boot Record (MBR).

Please perform the following for me.


===================================================


chkdsk /r Command from the Run Box in Windows 7/Vista

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following in the Run box then hit Enter

    CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30
  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will reboot
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Expand Windows Logs, then select Application
  • Locate the entry for today's date and time of running chkdsk /r for an entry similar to this:

  • Left click on the entry then copy and paste the information under the General tab in your reply

===================================================


MBRCheck Report

--------------------

  • Please download MBRCheck.exe to your desktop
  • Double click MBRCheck.exe and then select Run. Vista/Windows 7 users right click the icon and select Run as Administrator
  • A black screen with some data on it will open
  • If you are given an option to fix, please do not fix anything
  • When complete, you should see Done! Press ENTER
  • Press Enter again on the keyboard
  • A log named MBRCheck_date_time.txt (with today's date) will be created on the desktop
  • Copy and paste the contents of that log in your next reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • chkdsk event viewer information
  • MBRCheck.txt
  • Any difference with your computer?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



