Internet Search Results keep redirecting in IE & FF


  • This topic is locked
16 replies to this topic

#1 rburgquist

Posted 01 August 2012 - 08:19 PM

Using Firefox and Internet Explorer my Yahoo search results regularly get redirected. Here is the link to my post in another Forum to show what has been tried and the specifics of the problem I am having.

http://www.bleepingcomputer.com/forums/topic462467.html/page__p__2779895__fromsearch__1#entry2779895

I am not sure that GMER worked the way it was supposed to for me. When I had C:\ selected I could only select Services, Registry, and Files. I was not able to hit the show all check box or the 8 other check boxes (System - Libraries).

Here is the DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Ryan at 19:06:36 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1742 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625174619.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Best Buy pc app] C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Mozilla] Rundll32.exe C:\Users\Ryan\AppData\Local\Mozilla\drrisiiv.dll,DllCanUnloadNow
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7915401C-7380-4EC0-A843-CCC579920BEB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7915401C-7380-4EC0-A843-CCC579920BEB}\275746E69636B6 : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{7915401C-7380-4EC0-A843-CCC579920BEB}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625174619.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g4dugteb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-08-01 11:25:03 -------- d-----w- C:\Users\Ryan\AppData\Local\{CB7D6F31-940E-4624-8D01-4F0E2E2BAAEC}
2012-08-01 11:24:52 -------- d-----w- C:\Users\Ryan\AppData\Local\{2B367538-C83D-491C-8E15-322529C56DE8}
2012-08-01 11:24:41 -------- d-----w- C:\Users\Ryan\AppData\Local\{7CF96F5A-115F-4FBB-A1FA-8CEDBCF2EB00}
2012-08-01 11:24:18 -------- d-----w- C:\Users\Ryan\AppData\Local\{0156A7B5-BC5F-4100-99E1-9B61E8030460}
2012-07-31 11:27:18 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91C35FFF-0895-48A3-A8DD-D8DCA1B783A2}\mpengine.dll
2012-07-30 00:50:50 -------- d-----w- C:\Users\Ryan\AppData\Local\{EB48EC7A-D8DE-41C4-AD97-F2F3B7E978C8}
2012-07-30 00:50:18 -------- d-----w- C:\Users\Ryan\AppData\Local\{20C4CA83-8542-4475-91D4-421739C10A1C}
2012-07-30 00:49:38 -------- d-----w- C:\Users\Ryan\AppData\Local\{15FAEFCC-27CB-4249-8DEC-B8555C23D22D}
2012-07-27 15:17:24 -------- d-----r- C:\Users\Ryan\Dropbox
2012-07-27 15:14:01 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Dropbox
2012-07-27 00:27:50 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-17 11:48:46 992352 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
2012-07-15 01:33:39 248320 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
2012-07-15 01:31:24 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-07-15 01:31:08 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-07-15 01:29:03 136704 ----a-w- C:\windows\System32\hpf3l70v.dll
2012-07-15 01:27:50 -------- d-----w- C:\Program Files (x86)\HP
2012-07-15 01:24:30 -------- d-----w- C:\Program Files\HP
2012-07-15 01:23:36 642360 ----a-w- C:\windows\System32\hpzids40.dll
2012-07-15 01:23:35 880640 ----a-w- C:\windows\System32\hposwia_p02c.dll
2012-07-15 01:23:35 551424 ----a-w- C:\windows\System32\hppldcoi.dll
2012-07-15 01:23:35 1403904 ----a-w- C:\windows\System32\hpost_p02c.dll
2012-07-15 01:23:34 515072 ----a-w- C:\windows\System32\hposc_p02a.dll
2012-07-11 11:51:18 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 11:28:26 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 11:28:26 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 11:28:21 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 11:28:12 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-11 11:28:11 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-11 11:28:10 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-11 11:26:57 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 11:26:52 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 11:26:48 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-07-10 15:44:50 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-07-10 15:44:49 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Catalina Marketing Corp
2012-07-10 15:44:46 489712 ----a-w- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-07-09 02:09:34 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-22 22:37:16 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 22:37:16 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 19:09:02.60 ===============

Attached File  Attach.txt   9.81KB   1 downloads

Attached File  ark.txt   407bytes   0 downloads


#2 HelpBot

Posted 06 August 2012 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463486 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rburgquist

Posted 07 August 2012 - 07:35 PM

Here are the new DDS results. I have Windows 7 Home Premium 64-Bit.



Attached File  Attach2.txt   8.13KB   0 downloads

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Ryan at 19:29:18 on 2012-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1448 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Windows\System32\rundll32.exe
C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625174619.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Best Buy pc app] C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Mozilla] Rundll32.exe C:\Users\Ryan\AppData\Local\Mozilla\drrisiiv.dll,DllCanUnloadNow
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7915401C-7380-4EC0-A843-CCC579920BEB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7915401C-7380-4EC0-A843-CCC579920BEB}\275746E69636B6 : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{7915401C-7380-4EC0-A843-CCC579920BEB}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625174619.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g4dugteb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-8 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-8 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-8 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-8 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-6-3 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-6-3 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2011-3-19 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2011-3-19 579400]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-08-07 22:42:30 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E35B593-3EAC-4484-BF77-F07074FA3FF1}\mpengine.dll
2012-08-05 16:12:37 38912 ----a-w- C:\windows\System32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-08-03 01:11:03 -------- d-----w- C:\Users\Ryan\AppData\Local\Google
2012-08-03 00:47:10 -------- d-----w- C:\Users\Ryan\AppData\Local\{D484F2B2-B1D6-4BC5-94ED-0B03252CFBD0}
2012-08-03 00:46:55 -------- d-----w- C:\Users\Ryan\AppData\Local\{41D523EA-D3F9-47F1-B720-99C78AF1D055}
2012-08-03 00:34:30 -------- d-----w- C:\windows\en
2012-08-03 00:33:40 -------- d-----w- C:\Users\Ryan\AppData\Local\{DE461D71-691E-48DC-8CE4-6AC32D93A436}
2012-08-03 00:32:43 -------- d-----w- C:\Users\Ryan\AppData\Local\{28FAC7BA-9143-4EF9-A00D-854BFC7F9A6D}
2012-08-03 00:32:28 -------- d-----w- C:\Users\Ryan\AppData\Local\{81524453-36DA-4916-8403-C48313774ABA}
2012-08-03 00:31:09 -------- d-----w- C:\Users\Ryan\AppData\Local\{BE534F29-E40F-4348-BD28-7A15D9E4C977}
2012-08-03 00:31:03 -------- d-----w- C:\Users\Ryan\AppData\Local\{AB785571-2B40-4EF0-A9C2-8F420DE2E61E}
2012-08-03 00:30:52 -------- d-----w- C:\Users\Ryan\AppData\Local\{E9A80321-9A32-4B36-B53A-6E5BAA361E3F}
2012-08-03 00:30:42 19720 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-03 00:29:10 -------- d-----w- C:\Users\Ryan\AppData\Local\{63BDE1D8-0F0E-4888-83EE-25926AAA8135}
2012-08-03 00:29:01 -------- d-----w- C:\Users\Ryan\AppData\Local\{C6DADBB4-8822-428E-ABF3-DD8C9417A783}
2012-08-03 00:26:53 -------- d-----w- C:\Users\Ryan\AppData\Local\{66D8D0DF-1A23-4867-969C-76772297B6BA}
2012-08-03 00:26:28 -------- d-----w- C:\Users\Ryan\AppData\Local\{154F2717-81C2-4D98-ACB0-56BC55A08813}
2012-08-03 00:25:57 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\DSETUP.dll
2012-08-03 00:25:57 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\DXSETUP.exe
2012-08-03 00:25:57 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\dsetup32.dll
2012-08-03 00:25:23 -------- d-----w- C:\Users\Ryan\AppData\Local\{527E3903-5FCD-437C-8D34-7FC28CB80A36}
2012-08-03 00:25:12 -------- d-----w- C:\Users\Ryan\AppData\Local\{73FE899D-9323-47CE-8DB2-614EFA8DF097}
2012-08-03 00:25:01 -------- d-----w- C:\Users\Ryan\AppData\Local\{F4AE9368-3A38-42DF-8F2C-FBE4A9B3B741}
2012-08-03 00:24:50 -------- d-----w- C:\Users\Ryan\AppData\Local\{BBB44399-790E-4B8A-B67E-C3E7144C0350}
2012-08-03 00:24:39 -------- d-----w- C:\Users\Ryan\AppData\Local\{575816AD-A6DE-4D2F-98F8-87985B530AA0}
2012-08-03 00:24:17 -------- d-----w- C:\Users\Ryan\AppData\Local\{02AFCF1E-DBE8-4298-8CBE-FB1ACF035E66}
2012-08-02 23:58:09 -------- d-----w- C:\Users\Ryan\AppData\Local\{46A81187-21BA-4D7C-A758-F3A638244474}
2012-08-02 23:57:57 -------- d-----w- C:\Users\Ryan\AppData\Local\{6A2B6A32-0E7C-43E7-8E95-74E6D0BB865D}
2012-08-02 23:57:33 -------- d-----w- C:\Users\Ryan\AppData\Local\{72F49EF0-BCC4-4A1B-B8B4-7A687A549D8E}
2012-08-02 23:57:19 -------- d-----w- C:\Users\Ryan\AppData\Local\{0EFE747A-5262-4F5E-9D13-E114EB71D575}
2012-08-02 23:53:17 -------- d-----w- C:\Users\Ryan\AppData\Local\{6C9CDB2D-70AD-453E-837F-811B30AA2510}
2012-08-02 23:53:06 -------- d-----w- C:\Users\Ryan\AppData\Local\{C936338E-DBFC-4575-97C0-0AD552AE3AF2}
2012-08-02 23:52:43 -------- d-----w- C:\Users\Ryan\AppData\Local\{E0A266B3-E87E-4756-B040-B5B7CE03B920}
2012-08-02 23:52:30 -------- d-----w- C:\Users\Ryan\AppData\Local\{CED113A1-EEDE-4F6F-942F-6E98A81A9AAF}
2012-08-02 23:52:11 -------- d-----w- C:\Users\Ryan\AppData\Local\{D5C9A793-7EC3-4B8F-B908-A21A95E7A9E7}
2012-08-02 23:52:00 -------- d-----w- C:\Users\Ryan\AppData\Local\{34A9E49F-915B-42BE-84C9-3D263B108A45}
2012-08-02 23:51:47 -------- d-----w- C:\Users\Ryan\AppData\Local\{EFAB76CC-0DE1-4235-8707-673C9411A5FD}
2012-08-02 23:51:24 -------- d-----w- C:\Users\Ryan\AppData\Local\{CAC23EDE-6433-473F-9460-73DD36342B85}
2012-08-02 23:51:05 -------- d-----w- C:\Users\Ryan\AppData\Local\{E98F9054-D465-4587-8B3E-E64865BBFCE6}
2012-08-01 11:25:03 -------- d-----w- C:\Users\Ryan\AppData\Local\{CB7D6F31-940E-4624-8D01-4F0E2E2BAAEC}
2012-08-01 11:24:52 -------- d-----w- C:\Users\Ryan\AppData\Local\{2B367538-C83D-491C-8E15-322529C56DE8}
2012-08-01 11:24:41 -------- d-----w- C:\Users\Ryan\AppData\Local\{7CF96F5A-115F-4FBB-A1FA-8CEDBCF2EB00}
2012-08-01 11:24:18 -------- d-----w- C:\Users\Ryan\AppData\Local\{0156A7B5-BC5F-4100-99E1-9B61E8030460}
2012-07-30 00:50:50 -------- d-----w- C:\Users\Ryan\AppData\Local\{EB48EC7A-D8DE-41C4-AD97-F2F3B7E978C8}
2012-07-30 00:50:18 -------- d-----w- C:\Users\Ryan\AppData\Local\{20C4CA83-8542-4475-91D4-421739C10A1C}
2012-07-30 00:49:38 -------- d-----w- C:\Users\Ryan\AppData\Local\{15FAEFCC-27CB-4249-8DEC-B8555C23D22D}
2012-07-27 15:17:24 -------- d-----r- C:\Users\Ryan\Dropbox
2012-07-27 15:14:01 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Dropbox
2012-07-27 00:27:50 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-17 11:48:46 992352 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
2012-07-15 01:33:39 248320 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
2012-07-15 01:31:24 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-07-15 01:31:08 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-07-15 01:29:03 136704 ----a-w- C:\windows\System32\hpf3l70v.dll
2012-07-15 01:27:50 -------- d-----w- C:\Program Files (x86)\HP
2012-07-15 01:24:30 -------- d-----w- C:\Program Files\HP
2012-07-15 01:23:36 642360 ----a-w- C:\windows\System32\hpzids40.dll
2012-07-15 01:23:35 880640 ----a-w- C:\windows\System32\hposwia_p02c.dll
2012-07-15 01:23:35 551424 ----a-w- C:\windows\System32\hppldcoi.dll
2012-07-15 01:23:35 1403904 ----a-w- C:\windows\System32\hpost_p02c.dll
2012-07-15 01:23:34 515072 ----a-w- C:\windows\System32\hposc_p02a.dll
2012-07-11 11:51:18 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 11:28:26 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 11:28:26 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 11:28:21 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 11:28:12 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-11 11:28:11 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-11 11:28:10 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-11 11:26:57 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 11:26:52 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 11:26:48 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-07-10 15:44:50 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-07-10 15:44:49 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Catalina Marketing Corp
2012-07-10 15:44:46 489712 ----a-w- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-07-09 02:09:34 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-22 22:37:16 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 22:37:16 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
.
============= FINISH: 19:31:02.26 ===============

#4 gringo_pr

Posted 08 August 2012 - 07:55 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 rburgquist

Posted 10 August 2012 - 04:22 PM

Here are the results. I have tested a little bit and haven't been redirected yet.

Security Check:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````


Combofix:

ComboFix 12-08-09.01 - Ryan 08/10/2012 16:06:35.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1533 [GMT -5:00]
Running from: c:\users\Ryan\Tracing\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Ryan\OfficeEnterpriseEdition2007.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 21:14 . 2012-08-10 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 21:09 . 2012-08-10 21:09 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E35B593-3EAC-4484-BF77-F07074FA3FF1}\offreg.dll
2012-08-07 22:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E35B593-3EAC-4484-BF77-F07074FA3FF1}\mpengine.dll
2012-08-05 16:12 . 2009-07-14 01:40 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-08-03 01:11 . 2012-08-03 01:12 -------- d-----w- c:\users\Ryan\AppData\Local\Google
2012-08-03 00:34 . 2012-08-03 00:34 -------- d-----w- c:\windows\en
2012-08-03 00:30 . 2012-08-03 00:30 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-03 00:25 . 2012-08-03 00:25 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\DSETUP.dll
2012-08-03 00:25 . 2012-08-03 00:25 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\DXSETUP.exe
2012-08-03 00:25 . 2012-08-03 00:25 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\dsetup32.dll
2012-07-29 15:30 . 2012-07-29 15:31 -------- d-----w- c:\users\Marie
2012-07-27 15:17 . 2012-08-10 20:57 -------- d-----r- c:\users\Ryan\Dropbox
2012-07-27 15:14 . 2012-08-10 20:57 -------- d-----w- c:\users\Ryan\AppData\Roaming\Dropbox
2012-07-27 00:27 . 2012-07-27 00:27 -------- d-----w- c:\program files (x86)\ESET
2012-07-17 11:48 . 2012-07-17 11:48 992352 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-07-15 01:33 . 2009-04-16 19:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
2012-07-15 01:31 . 2012-07-15 01:31 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-07-15 01:31 . 2012-07-15 01:31 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-07-15 01:29 . 2009-04-16 19:08 136704 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-07-15 01:27 . 2012-07-15 01:29 -------- d-----w- c:\program files (x86)\HP
2012-07-15 01:24 . 2012-07-15 01:24 -------- d-----w- c:\program files\HP
2012-07-15 01:23 . 2012-07-15 01:23 -------- d-----w- c:\programdata\HP
2012-07-15 01:23 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-07-15 01:23 . 2009-02-11 11:03 880640 ----a-w- c:\windows\system32\hposwia_p02c.dll
2012-07-15 01:23 . 2009-02-11 11:03 1403904 ----a-w- c:\windows\system32\hpost_p02c.dll
2012-07-15 01:23 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-07-15 01:23 . 2009-02-11 11:03 515072 ----a-w- c:\windows\system32\hposc_p02a.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 11:47 . 2011-05-24 01:58 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-10 15:44 . 2012-07-10 15:44 489712 ----a-w- c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-07-03 18:46 . 2012-04-01 23:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 22:37 . 2012-06-22 22:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 22:37 . 2011-05-18 11:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:08 . 2012-07-11 11:51 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 11:28 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:28 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:28 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:27 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-08 23:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-08 23:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-08 23:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:27 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:27 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:27 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:27 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 17:25 . 2011-06-04 01:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-12 22:57 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 22:57 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 22:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-19 98304]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-04-02 27936]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-19 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-19 203264]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-19 7448576]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-19 268288]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102988707-2808339527-4182012599-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 01:10]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102988707-2808339527-4182012599-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 01:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-20 11448424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-20 2120808]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g4dugteb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 16:17:05
ComboFix-quarantined-files.txt 2012-08-10 21:17
.
Pre-Run: 197,602,930,688 bytes free
Post-Run: 197,348,962,304 bytes free
.
- - End Of File - - C3417DDE0AA28ABE6D39CE9CE4A20AEF

#6 gringo_pr

Posted 10 August 2012 - 04:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 rburgquist

Posted 10 August 2012 - 07:49 PM

Hello,

Here are the reports:

tdsskiller:

19:27:13.0586 5540 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:27:14.0756 5540 ============================================================
19:27:14.0756 5540 Current date / time: 2012/08/10 19:27:14.0756
19:27:14.0756 5540 SystemInfo:
19:27:14.0756 5540
19:27:14.0756 5540 OS Version: 6.1.7601 ServicePack: 1.0
19:27:14.0756 5540 Product type: Workstation
19:27:14.0756 5540 ComputerName: RYAN-PC
19:27:14.0756 5540 UserName: Ryan
19:27:14.0756 5540 Windows directory: C:\windows
19:27:14.0756 5540 System windows directory: C:\windows
19:27:14.0756 5540 Running under WOW64
19:27:14.0756 5540 Processor architecture: Intel x64
19:27:14.0756 5540 Number of processors: 2
19:27:14.0756 5540 Page size: 0x1000
19:27:14.0756 5540 Boot type: Normal boot
19:27:14.0756 5540 ============================================================
19:27:16.0316 5540 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:16.0316 5540 ============================================================
19:27:16.0316 5540 \Device\Harddisk0\DR0:
19:27:16.0316 5540 MBR partitions:
19:27:16.0316 5540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:27:16.0316 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
19:27:16.0331 5540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
19:27:16.0331 5540 ============================================================
19:27:16.0378 5540 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:16.0425 5540 D: <-> \Device\Harddisk0\DR0\Partition2
19:27:16.0425 5540 ============================================================
19:27:16.0425 5540 Initialize success
19:27:16.0425 5540 ============================================================
19:27:18.0235 3232 ============================================================
19:27:18.0235 3232 Scan started
19:27:18.0235 3232 Mode: Manual;
19:27:18.0235 3232 ============================================================
19:27:19.0529 3232 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:27:19.0654 3232 1394ohci - ok
19:27:19.0732 3232 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:27:19.0873 3232 ACPI - ok
19:27:19.0904 3232 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:27:20.0029 3232 AcpiPmi - ok
19:27:20.0075 3232 ACPIVPC (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys
19:27:20.0185 3232 ACPIVPC - ok
19:27:20.0325 3232 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:27:20.0450 3232 AdobeARMservice - ok
19:27:20.0543 3232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:27:20.0575 3232 adp94xx - ok
19:27:20.0637 3232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:27:20.0668 3232 adpahci - ok
19:27:20.0699 3232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:27:20.0715 3232 adpu320 - ok
19:27:20.0762 3232 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
19:27:20.0762 3232 AeLookupSvc - ok
19:27:20.0855 3232 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
19:27:20.0965 3232 AFD - ok
19:27:21.0027 3232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:27:21.0043 3232 agp440 - ok
19:27:21.0074 3232 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
19:27:21.0089 3232 ALG - ok
19:27:21.0121 3232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:27:21.0136 3232 aliide - ok
19:27:21.0214 3232 AMD External Events Utility (5d39a8a3c5f1af5a8c91ce0658314664) C:\windows\system32\atiesrxx.exe
19:27:21.0308 3232 AMD External Events Utility - ok
19:27:21.0323 3232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:27:21.0323 3232 amdide - ok
19:27:21.0355 3232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:27:21.0370 3232 AmdK8 - ok
19:27:21.0979 3232 amdkmdag (59a119e7ae39a95755bb1c0e889c7fad) C:\windows\system32\DRIVERS\atikmdag.sys
19:27:22.0400 3232 amdkmdag - ok
19:27:22.0587 3232 amdkmdap (dc746fe518c2e63db4c8954772fa4f71) C:\windows\system32\DRIVERS\atikmpag.sys
19:27:22.0681 3232 amdkmdap - ok
19:27:22.0727 3232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:27:22.0727 3232 AmdPPM - ok
19:27:22.0790 3232 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:27:22.0915 3232 amdsata - ok
19:27:22.0961 3232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:27:22.0977 3232 amdsbs - ok
19:27:23.0008 3232 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:27:23.0133 3232 amdxata - ok
19:27:23.0180 3232 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:27:23.0289 3232 AppID - ok
19:27:23.0305 3232 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
19:27:23.0320 3232 AppIDSvc - ok
19:27:23.0367 3232 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
19:27:23.0461 3232 Appinfo - ok
19:27:23.0554 3232 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:27:23.0679 3232 Apple Mobile Device - ok
19:27:23.0757 3232 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:27:23.0757 3232 arc - ok
19:27:23.0773 3232 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:27:23.0804 3232 arcsas - ok
19:27:23.0835 3232 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:27:23.0851 3232 AsyncMac - ok
19:27:23.0866 3232 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:27:23.0866 3232 atapi - ok
19:27:24.0038 3232 athr (cca705cdf038d5bc243203ce4416b345) C:\windows\system32\DRIVERS\athrx.sys
19:27:24.0194 3232 athr - ok
19:27:24.0506 3232 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\windows\system32\drivers\AtihdW76.sys
19:27:24.0615 3232 AtiHDAudioService - ok
19:27:24.0646 3232 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\windows\system32\DRIVERS\AtiPcie64.sys
19:27:24.0693 3232 AtiPcie - ok
19:27:24.0802 3232 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:27:24.0896 3232 AudioEndpointBuilder - ok
19:27:24.0911 3232 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:27:24.0911 3232 AudioSrv - ok
19:27:24.0989 3232 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
19:27:25.0083 3232 AxInstSV - ok
19:27:25.0145 3232 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:27:25.0177 3232 b06bdrv - ok
19:27:25.0223 3232 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:27:25.0255 3232 b57nd60a - ok
19:27:25.0301 3232 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
19:27:25.0317 3232 BDESVC - ok
19:27:25.0364 3232 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:27:25.0379 3232 Beep - ok
19:27:25.0504 3232 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
19:27:25.0613 3232 BFE - ok
19:27:25.0738 3232 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
19:27:25.0879 3232 BITS - ok
19:27:25.0941 3232 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:27:25.0957 3232 blbdrive - ok
19:27:26.0113 3232 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:27:26.0206 3232 Bonjour Service - ok
19:27:26.0284 3232 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:27:26.0378 3232 bowser - ok
19:27:26.0425 3232 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:27:26.0440 3232 BrFiltLo - ok
19:27:26.0456 3232 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:27:26.0471 3232 BrFiltUp - ok
19:27:26.0518 3232 Bridge0 (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys
19:27:26.0627 3232 Bridge0 - ok
19:27:26.0674 3232 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
19:27:26.0674 3232 BridgeMP - ok
19:27:26.0721 3232 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
19:27:26.0830 3232 Browser - ok
19:27:26.0877 3232 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:27:26.0908 3232 Brserid - ok
19:27:26.0955 3232 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:27:26.0971 3232 BrSerWdm - ok
19:27:26.0986 3232 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:27:27.0002 3232 BrUsbMdm - ok
19:27:27.0017 3232 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:27:27.0017 3232 BrUsbSer - ok
19:27:27.0080 3232 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
19:27:27.0095 3232 BthEnum - ok
19:27:27.0111 3232 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:27:27.0127 3232 BTHMODEM - ok
19:27:27.0142 3232 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
19:27:27.0158 3232 BthPan - ok
19:27:27.0220 3232 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
19:27:27.0314 3232 BTHPORT - ok
19:27:27.0329 3232 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
19:27:27.0345 3232 bthserv - ok
19:27:27.0361 3232 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
19:27:27.0470 3232 BTHUSB - ok
19:27:27.0673 3232 Cam5607 (27c684d57a49dab19bce9d69529e8be7) C:\windows\system32\Drivers\BisonC07.sys
19:27:27.0938 3232 Cam5607 - ok
19:27:27.0953 3232 catchme - ok
19:27:28.0016 3232 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:27:28.0031 3232 cdfs - ok
19:27:28.0109 3232 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
19:27:28.0187 3232 cdrom - ok
19:27:28.0250 3232 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:27:28.0359 3232 CertPropSvc - ok
19:27:28.0406 3232 cfwids (274ce03459896006f7a5069266e0469e) C:\windows\system32\drivers\cfwids.sys
19:27:28.0515 3232 cfwids - ok
19:27:28.0546 3232 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:27:28.0562 3232 circlass - ok
19:27:28.0624 3232 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:27:28.0655 3232 CLFS - ok
19:27:28.0733 3232 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:27:28.0749 3232 clr_optimization_v2.0.50727_32 - ok
19:27:28.0796 3232 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:27:28.0796 3232 clr_optimization_v2.0.50727_64 - ok
19:27:28.0874 3232 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:27:28.0967 3232 clr_optimization_v4.0.30319_32 - ok
19:27:29.0014 3232 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:27:29.0139 3232 clr_optimization_v4.0.30319_64 - ok
19:27:29.0170 3232 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:27:29.0186 3232 CmBatt - ok
19:27:29.0217 3232 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:27:29.0217 3232 cmdide - ok
19:27:29.0311 3232 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
19:27:29.0404 3232 CNG - ok
19:27:29.0513 3232 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:27:29.0529 3232 Compbatt - ok
19:27:29.0576 3232 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
19:27:29.0654 3232 CompositeBus - ok
19:27:29.0701 3232 COMSysApp - ok
19:27:29.0732 3232 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:27:29.0732 3232 crcdisk - ok
19:27:29.0794 3232 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
19:27:29.0935 3232 CryptSvc - ok
19:27:29.0997 3232 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:27:29.0997 3232 DcomLaunch - ok
19:27:30.0059 3232 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:27:30.0091 3232 defragsvc - ok
19:27:30.0137 3232 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:27:30.0215 3232 DfsC - ok
19:27:30.0293 3232 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
19:27:30.0387 3232 Dhcp - ok
19:27:30.0418 3232 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:27:30.0418 3232 discache - ok
19:27:30.0465 3232 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:27:30.0481 3232 Disk - ok
19:27:30.0512 3232 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
19:27:30.0605 3232 Dnscache - ok
19:27:30.0668 3232 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
19:27:30.0777 3232 dot3svc - ok
19:27:30.0855 3232 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
19:27:30.0855 3232 Dot4 - ok
19:27:30.0902 3232 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys
19:27:30.0995 3232 Dot4Print - ok
19:27:31.0011 3232 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
19:27:31.0011 3232 dot4usb - ok
19:27:31.0058 3232 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
19:27:31.0073 3232 DPS - ok
19:27:31.0105 3232 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:27:31.0120 3232 drmkaud - ok
19:27:31.0261 3232 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:27:31.0385 3232 DXGKrnl - ok
19:27:31.0417 3232 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:27:31.0417 3232 EapHost - ok
19:27:31.0760 3232 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:27:31.0900 3232 ebdrv - ok
19:27:32.0056 3232 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
19:27:32.0150 3232 EFS - ok
19:27:32.0259 3232 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
19:27:32.0384 3232 ehRecvr - ok
19:27:32.0415 3232 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:27:32.0415 3232 ehSched - ok
19:27:32.0524 3232 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:27:32.0555 3232 elxstor - ok
19:27:32.0587 3232 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:27:32.0602 3232 ErrDev - ok
19:27:32.0696 3232 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:27:32.0696 3232 EventSystem - ok
19:27:32.0743 3232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:27:32.0758 3232 exfat - ok
19:27:32.0805 3232 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:27:32.0836 3232 fastfat - ok
19:27:32.0945 3232 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
19:27:33.0039 3232 Fax - ok
19:27:33.0055 3232 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:27:33.0055 3232 fdc - ok
19:27:33.0070 3232 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:27:33.0070 3232 fdPHost - ok
19:27:33.0086 3232 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:27:33.0101 3232 FDResPub - ok
19:27:33.0117 3232 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:27:33.0117 3232 FileInfo - ok
19:27:33.0133 3232 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:27:33.0133 3232 Filetrace - ok
19:27:33.0148 3232 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:27:33.0148 3232 flpydisk - ok
19:27:33.0211 3232 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:27:33.0304 3232 FltMgr - ok
19:27:33.0429 3232 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
19:27:33.0554 3232 FontCache - ok
19:27:33.0632 3232 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:27:33.0741 3232 FontCache3.0.0.0 - ok
19:27:33.0819 3232 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:27:33.0835 3232 FsDepends - ok
19:27:33.0866 3232 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
19:27:34.0006 3232 Fs_Rec - ok
19:27:34.0100 3232 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:27:34.0225 3232 fvevol - ok
19:27:34.0240 3232 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:27:34.0256 3232 gagp30kx - ok
19:27:34.0303 3232 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:27:34.0396 3232 GEARAspiWDM - ok
19:27:34.0505 3232 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
19:27:34.0615 3232 gpsvc - ok
19:27:34.0646 3232 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:27:34.0646 3232 hcw85cir - ok
19:27:34.0724 3232 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:27:34.0849 3232 HdAudAddService - ok
19:27:34.0880 3232 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:27:34.0989 3232 HDAudBus - ok
19:27:35.0020 3232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:27:35.0020 3232 HidBatt - ok
19:27:35.0036 3232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:27:35.0036 3232 HidBth - ok
19:27:35.0051 3232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:27:35.0051 3232 HidIr - ok
19:27:35.0083 3232 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
19:27:35.0098 3232 hidserv - ok
19:27:35.0145 3232 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:27:35.0270 3232 HidUsb - ok
19:27:35.0332 3232 hitmanpro35 (461f1ca9b00f7142480c21a22efa7288) C:\windows\system32\drivers\hitmanpro36.sys
19:27:35.0457 3232 hitmanpro35 - ok
19:27:35.0504 3232 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:27:35.0551 3232 hkmsvc - ok
19:27:35.0597 3232 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:27:35.0691 3232 HomeGroupListener - ok
19:27:35.0785 3232 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:27:35.0878 3232 HomeGroupProvider - ok
19:27:35.0909 3232 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:27:35.0972 3232 HpSAMD - ok
19:27:36.0175 3232 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:27:36.0284 3232 HPSLPSVC - ok
19:27:36.0393 3232 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:27:36.0487 3232 HTTP - ok
19:27:36.0518 3232 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:27:36.0565 3232 hwpolicy - ok
19:27:36.0611 3232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:27:36.0627 3232 i8042prt - ok
19:27:36.0721 3232 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:27:36.0830 3232 iaStorV - ok
19:27:36.0986 3232 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:27:37.0157 3232 idsvc - ok
19:27:37.0563 3232 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
19:27:37.0781 3232 igfx - ok
19:27:37.0906 3232 IGRS (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
19:27:38.0000 3232 IGRS - ok
19:27:38.0109 3232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:27:38.0125 3232 iirsp - ok
19:27:38.0234 3232 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:27:38.0343 3232 IKEEXT - ok
19:27:38.0577 3232 IntcAzAudAddService (72190080ab7d7d876f4210a048a0a892) C:\windows\system32\drivers\RTKVHD64.sys
19:27:38.0780 3232 IntcAzAudAddService - ok
19:27:38.0936 3232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:27:38.0936 3232 intelide - ok
19:27:38.0998 3232 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:27:39.0014 3232 intelppm - ok
19:27:39.0045 3232 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:27:39.0061 3232 IPBusEnum - ok
19:27:39.0107 3232 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:27:39.0217 3232 IpFilterDriver - ok
19:27:39.0295 3232 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
19:27:39.0388 3232 iphlpsvc - ok
19:27:39.0419 3232 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:27:39.0482 3232 IPMIDRV - ok
19:27:39.0513 3232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:27:39.0513 3232 IPNAT - ok
19:27:39.0716 3232 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
19:27:39.0804 3232 iPod Service - ok
19:27:39.0853 3232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:27:39.0862 3232 IRENUM - ok
19:27:39.0899 3232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:27:39.0908 3232 isapnp - ok
19:27:39.0962 3232 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:27:40.0117 3232 iScsiPrt - ok
19:27:40.0192 3232 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
19:27:40.0214 3232 k57nd60a - ok
19:27:40.0246 3232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:27:40.0262 3232 kbdclass - ok
19:27:40.0301 3232 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:27:40.0432 3232 kbdhid - ok
19:27:40.0472 3232 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:40.0476 3232 KeyIso - ok
19:27:40.0508 3232 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
19:27:40.0614 3232 KSecDD - ok
19:27:40.0650 3232 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
19:27:40.0731 3232 KSecPkg - ok
19:27:40.0766 3232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:27:40.0776 3232 ksthunk - ok
19:27:40.0837 3232 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:27:40.0872 3232 KtmRm - ok
19:27:40.0923 3232 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
19:27:41.0021 3232 L1C - ok
19:27:41.0086 3232 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
19:27:41.0187 3232 LanmanServer - ok
19:27:41.0235 3232 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:27:41.0312 3232 LanmanWorkstation - ok
19:27:41.0449 3232 Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
19:27:41.0574 3232 Lenovo ReadyComm AppSvc - ok
19:27:41.0631 3232 Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
19:27:41.0809 3232 Lenovo ReadyComm ConnSvc - ok
19:27:41.0897 3232 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
19:27:42.0000 3232 LHDmgr - ok
19:27:42.0058 3232 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:27:42.0071 3232 lltdio - ok
19:27:42.0134 3232 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:27:42.0166 3232 lltdsvc - ok
19:27:42.0192 3232 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:27:42.0209 3232 lmhosts - ok
19:27:42.0253 3232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:27:42.0266 3232 LSI_FC - ok
19:27:42.0282 3232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:27:42.0292 3232 LSI_SAS - ok
19:27:42.0305 3232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:27:42.0312 3232 LSI_SAS2 - ok
19:27:42.0332 3232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:27:42.0346 3232 LSI_SCSI - ok
19:27:42.0376 3232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:27:42.0384 3232 luafv - ok
19:27:42.0535 3232 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0540 3232 McAfee SiteAdvisor Service - ok
19:27:42.0677 3232 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
19:27:42.0832 3232 McComponentHostService - ok
19:27:42.0836 3232 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0838 3232 McMPFSvc - ok
19:27:42.0855 3232 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0857 3232 mcmscsvc - ok
19:27:42.0862 3232 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0863 3232 McNaiAnn - ok
19:27:42.0886 3232 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0888 3232 McNASvc - ok
19:27:43.0000 3232 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
19:27:43.0141 3232 McODS - ok
19:27:43.0182 3232 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:43.0184 3232 McProxy - ok
19:27:43.0290 3232 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:27:43.0298 3232 McShield - ok
19:27:43.0480 3232 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:27:43.0563 3232 Mcx2Svc - ok
19:27:43.0600 3232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:27:43.0606 3232 megasas - ok
19:27:43.0628 3232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:27:43.0636 3232 MegaSR - ok
19:27:43.0723 3232 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
19:27:43.0836 3232 mfeapfk - ok
19:27:43.0937 3232 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
19:27:44.0052 3232 mfeavfk - ok
19:27:44.0110 3232 mfeavfk01 - ok
19:27:44.0180 3232 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:27:44.0184 3232 mfefire - ok
19:27:44.0279 3232 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
19:27:44.0408 3232 mfefirek - ok
19:27:44.0544 3232 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
19:27:44.0669 3232 mfehidk - ok
19:27:44.0827 3232 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
19:27:44.0921 3232 mfenlfk - ok
19:27:44.0989 3232 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
19:27:45.0099 3232 mferkdet - ok
19:27:45.0161 3232 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\windows\system32\mfevtps.exe
19:27:45.0265 3232 mfevtp - ok
19:27:45.0347 3232 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
19:27:45.0459 3232 mfewfpk - ok
19:27:45.0579 3232 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:27:45.0679 3232 Microsoft Office Groove Audit Service - ok
19:27:45.0722 3232 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:27:45.0727 3232 MMCSS - ok
19:27:45.0758 3232 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:27:45.0766 3232 Modem - ok
19:27:45.0800 3232 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:27:45.0814 3232 monitor - ok
19:27:45.0861 3232 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
19:27:45.0876 3232 mouclass - ok
19:27:45.0921 3232 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:27:45.0935 3232 mouhid - ok
19:27:45.0980 3232 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:27:46.0087 3232 mountmgr - ok
19:27:46.0162 3232 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:27:46.0291 3232 MozillaMaintenance - ok
19:27:46.0334 3232 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:27:46.0435 3232 mpio - ok
19:27:46.0496 3232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:27:46.0514 3232 mpsdrv - ok
19:27:46.0624 3232 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:27:46.0717 3232 MpsSvc - ok
19:27:46.0755 3232 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:27:46.0849 3232 MRxDAV - ok
19:27:46.0890 3232 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:27:47.0003 3232 mrxsmb - ok
19:27:47.0070 3232 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:27:47.0192 3232 mrxsmb10 - ok
19:27:47.0243 3232 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:27:47.0369 3232 mrxsmb20 - ok
19:27:47.0402 3232 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:27:47.0460 3232 msahci - ok
19:27:47.0491 3232 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:27:47.0550 3232 msdsm - ok
19:27:47.0596 3232 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:27:47.0610 3232 MSDTC - ok
19:27:47.0680 3232 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:27:47.0690 3232 Msfs - ok
19:27:47.0741 3232 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:27:47.0756 3232 mshidkmdf - ok
19:27:47.0818 3232 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:27:47.0826 3232 msisadrv - ok
19:27:47.0881 3232 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:27:47.0902 3232 MSiSCSI - ok
19:27:47.0911 3232 msiserver - ok
19:27:47.0956 3232 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:27:47.0971 3232 MSKSSRV - ok
19:27:47.0994 3232 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:27:48.0012 3232 MSPCLOCK - ok
19:27:48.0020 3232 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:27:48.0024 3232 MSPQM - ok
19:27:48.0080 3232 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:27:48.0159 3232 MsRPC - ok
19:27:48.0194 3232 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:27:48.0203 3232 mssmbios - ok
19:27:48.0232 3232 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:27:48.0242 3232 MSTEE - ok
19:27:48.0251 3232 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:27:48.0261 3232 MTConfig - ok
19:27:48.0305 3232 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:27:48.0314 3232 Mup - ok
19:27:48.0385 3232 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:27:48.0533 3232 napagent - ok
19:27:48.0611 3232 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:27:48.0633 3232 NativeWifiP - ok
19:27:48.0741 3232 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:27:48.0871 3232 NDIS - ok
19:27:48.0917 3232 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:27:48.0929 3232 NdisCap - ok
19:27:48.0959 3232 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:27:48.0971 3232 NdisTapi - ok
19:27:49.0037 3232 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:27:49.0150 3232 Ndisuio - ok
19:27:49.0223 3232 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:27:49.0348 3232 NdisWan - ok
19:27:49.0386 3232 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:27:49.0439 3232 NDProxy - ok
19:27:49.0488 3232 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
19:27:49.0565 3232 Net Driver HPZ12 - ok
19:27:49.0605 3232 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:27:49.0610 3232 NetBIOS - ok
19:27:49.0668 3232 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:27:49.0794 3232 NetBT - ok
19:27:49.0858 3232 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:49.0861 3232 Netlogon - ok
19:27:49.0935 3232 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:27:49.0964 3232 Netman - ok
19:27:50.0013 3232 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:27:50.0035 3232 netprofm - ok
19:27:50.0132 3232 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:50.0152 3232 NetTcpPortSharing - ok
19:27:50.0554 3232 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
19:27:50.0734 3232 netw5v64 - ok
19:27:50.0884 3232 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:27:50.0895 3232 nfrd960 - ok
19:27:50.0972 3232 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:27:51.0062 3232 NlaSvc - ok
19:27:51.0083 3232 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:27:51.0086 3232 Npfs - ok
19:27:51.0118 3232 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:27:51.0131 3232 nsi - ok
19:27:51.0152 3232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:27:51.0163 3232 nsiproxy - ok
19:27:51.0342 3232 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:27:51.0495 3232 Ntfs - ok
19:27:51.0653 3232 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:27:51.0668 3232 Null - ok
19:27:51.0731 3232 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:27:51.0845 3232 nvraid - ok
19:27:51.0897 3232 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:27:52.0003 3232 nvstor - ok
19:27:52.0039 3232 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:27:52.0057 3232 nv_agp - ok
19:27:52.0185 3232 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:27:52.0330 3232 odserv - ok
19:27:52.0399 3232 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:27:52.0423 3232 ohci1394 - ok
19:27:52.0462 3232 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:52.0645 3232 ose - ok
19:27:52.0735 3232 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:52.0768 3232 p2pimsvc - ok
19:27:52.0825 3232 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:27:52.0855 3232 p2psvc - ok
19:27:52.0889 3232 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:27:52.0902 3232 Parport - ok
19:27:52.0941 3232 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:27:53.0039 3232 partmgr - ok
19:27:53.0054 3232 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:27:53.0062 3232 PcaSvc - ok
19:27:53.0113 3232 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:27:53.0169 3232 pci - ok
19:27:53.0193 3232 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:27:53.0197 3232 pciide - ok
19:27:53.0228 3232 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:27:53.0239 3232 pcmcia - ok
19:27:53.0255 3232 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:27:53.0258 3232 pcw - ok
19:27:53.0302 3232 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:27:53.0314 3232 PEAUTH - ok
19:27:53.0404 3232 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:27:53.0411 3232 PerfHost - ok
19:27:53.0596 3232 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:27:53.0787 3232 pla - ok
19:27:53.0848 3232 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:27:53.0923 3232 PlugPlay - ok
19:27:53.0996 3232 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
19:27:54.0088 3232 Pml Driver HPZ12 - ok
19:27:54.0112 3232 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:27:54.0118 3232 PNRPAutoReg - ok
19:27:54.0151 3232 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:54.0154 3232 PNRPsvc - ok
19:27:54.0228 3232 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:27:54.0330 3232 PolicyAgent - ok
19:27:54.0373 3232 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:27:54.0394 3232 Power - ok
19:27:54.0488 3232 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:27:54.0584 3232 PptpMiniport - ok
19:27:54.0609 3232 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:27:54.0613 3232 Processor - ok
19:27:54.0683 3232 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:27:54.0798 3232 ProfSvc - ok
19:27:54.0850 3232 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:54.0854 3232 ProtectedStorage - ok
19:27:54.0912 3232 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:27:55.0002 3232 Psched - ok
19:27:55.0005 3232 PS_MDP - ok
19:27:55.0163 3232 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:27:55.0266 3232 ql2300 - ok
19:27:55.0452 3232 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:27:55.0462 3232 ql40xx - ok
19:27:55.0515 3232 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:27:55.0539 3232 QWAVE - ok
19:27:55.0566 3232 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:27:55.0581 3232 QWAVEdrv - ok
19:27:55.0643 3232 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:27:55.0653 3232 RasAcd - ok
19:27:55.0705 3232 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:27:55.0712 3232 RasAgileVpn - ok
19:27:55.0773 3232 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:27:55.0802 3232 RasAuto - ok
19:27:55.0868 3232 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:27:55.0983 3232 Rasl2tp - ok
19:27:56.0057 3232 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:27:56.0160 3232 RasMan - ok
19:27:56.0188 3232 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:27:56.0195 3232 RasPppoe - ok
19:27:56.0219 3232 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:27:56.0228 3232 RasSstp - ok
19:27:56.0298 3232 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:27:56.0409 3232 rdbss - ok
19:27:56.0447 3232 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:27:56.0459 3232 rdpbus - ok
19:27:56.0482 3232 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:27:56.0488 3232 RDPCDD - ok
19:27:56.0514 3232 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:27:56.0524 3232 RDPENCDD - ok
19:27:56.0537 3232 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:27:56.0545 3232 RDPREFMP - ok
19:27:56.0597 3232 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:27:56.0687 3232 RDPWD - ok
19:27:56.0736 3232 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:27:56.0859 3232 rdyboost - ok
19:27:56.0862 3232 ReadyComm.DirectRouter - ok
19:27:56.0914 3232 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:27:56.0930 3232 RemoteAccess - ok
19:27:56.0985 3232 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:27:56.0997 3232 RemoteRegistry - ok
19:27:57.0057 3232 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:27:57.0073 3232 RFCOMM - ok
19:27:57.0131 3232 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:27:57.0233 3232 RimUsb - ok
19:27:57.0285 3232 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
19:27:57.0385 3232 RimVSerPort - ok
19:27:57.0424 3232 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
19:27:57.0429 3232 ROOTMODEM - ok
19:27:57.0467 3232 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:27:57.0480 3232 RpcEptMapper - ok
19:27:57.0515 3232 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:27:57.0532 3232 RpcLocator - ok
19:27:57.0625 3232 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:27:57.0637 3232 RpcSs - ok
19:27:57.0701 3232 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:27:57.0710 3232 rspndr - ok
19:27:57.0770 3232 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
19:27:57.0907 3232 RSUSBSTOR - ok
19:27:57.0961 3232 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:57.0965 3232 SamSs - ok
19:27:58.0007 3232 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:27:58.0161 3232 sbp2port - ok
19:27:58.0225 3232 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:27:58.0244 3232 SCardSvr - ok
19:28:14.0796 3232 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:28:15.0053 3232 \Device\Harddisk0\DR0 - ok
19:28:15.0057 3232 Boot (0x1200) (3c314f0382acfd80507f90005ac21f20) \Device\Harddisk0\DR0\Partition0
19:28:15.0059 3232 \Device\Harddisk0\DR0\Partition0 - ok
19:28:15.0076 3232 Boot (0x1200) (728a3992aade6741ae1b32d443bc3e88) \Device\Harddisk0\DR0\Partition1
19:28:15.0079 3232 \Device\Harddisk0\DR0\Partition1 - ok
19:28:15.0115 3232 Boot (0x1200) (422b19d5343f30ad9bb14f0a860b6260) \Device\Harddisk0\DR0\Partition2
19:28:15.0119 3232 \Device\Harddisk0\DR0\Partition2 - ok
19:28:15.0120 3232 ============================================================
19:28:15.0120 3232 Scan finished
19:28:15.0120 3232 ============================================================
19:28:15.0145 5128 Detected object count: 0
19:28:15.0145 5128 Actual detected object count: 0


aswMBR


19:27:13.0586 5540 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:27:14.0756 5540 ============================================================
19:27:14.0756 5540 Current date / time: 2012/08/10 19:27:14.0756
19:27:14.0756 5540 SystemInfo:
19:27:14.0756 5540
19:27:14.0756 5540 OS Version: 6.1.7601 ServicePack: 1.0
19:27:14.0756 5540 Product type: Workstation
19:27:14.0756 5540 ComputerName: RYAN-PC
19:27:14.0756 5540 UserName: Ryan
19:27:14.0756 5540 Windows directory: C:\windows
19:27:14.0756 5540 System windows directory: C:\windows
19:27:14.0756 5540 Running under WOW64
19:27:14.0756 5540 Processor architecture: Intel x64
19:27:14.0756 5540 Number of processors: 2
19:27:14.0756 5540 Page size: 0x1000
19:27:14.0756 5540 Boot type: Normal boot
19:27:14.0756 5540 ============================================================
19:27:16.0316 5540 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:16.0316 5540 ============================================================
19:27:16.0316 5540 \Device\Harddisk0\DR0:
19:27:16.0316 5540 MBR partitions:
19:27:16.0316 5540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:27:16.0316 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
19:27:16.0331 5540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
19:27:16.0331 5540 ============================================================
19:27:16.0378 5540 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:16.0425 5540 D: <-> \Device\Harddisk0\DR0\Partition2
19:27:16.0425 5540 ============================================================
19:27:16.0425 5540 Initialize success
19:27:16.0425 5540 ============================================================
19:27:18.0235 3232 ============================================================
19:27:18.0235 3232 Scan started
19:27:18.0235 3232 Mode: Manual;
19:27:18.0235 3232 ============================================================
19:27:34.0880 3232 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:27:34.0989 3232 HDAudBus - ok
19:27:35.0020 3232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:27:35.0020 3232 HidBatt - ok
19:27:35.0036 3232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:27:35.0036 3232 HidBth - ok
19:27:35.0051 3232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:27:35.0051 3232 HidIr - ok
19:27:35.0083 3232 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
19:27:35.0098 3232 hidserv - ok
19:27:35.0145 3232 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:27:35.0270 3232 HidUsb - ok
19:27:35.0332 3232 hitmanpro35 (461f1ca9b00f7142480c21a22efa7288) C:\windows\system32\drivers\hitmanpro36.sys
19:27:35.0457 3232 hitmanpro35 - ok
19:27:35.0504 3232 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:27:35.0551 3232 hkmsvc - ok
19:27:35.0597 3232 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:27:35.0691 3232 HomeGroupListener - ok
19:27:35.0785 3232 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:27:35.0878 3232 HomeGroupProvider - ok
19:27:35.0909 3232 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:27:35.0972 3232 HpSAMD - ok
19:27:36.0175 3232 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:27:36.0284 3232 HPSLPSVC - ok
19:27:36.0393 3232 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:27:36.0487 3232 HTTP - ok
19:27:36.0518 3232 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:27:36.0565 3232 hwpolicy - ok
19:27:36.0611 3232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:27:36.0627 3232 i8042prt - ok
19:27:36.0721 3232 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:27:36.0830 3232 iaStorV - ok
19:27:36.0986 3232 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:27:37.0157 3232 idsvc - ok
19:27:37.0563 3232 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
19:27:37.0781 3232 igfx - ok
19:27:37.0906 3232 IGRS (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
19:27:38.0000 3232 IGRS - ok
19:27:38.0109 3232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:27:38.0125 3232 iirsp - ok
19:27:38.0234 3232 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:27:38.0343 3232 IKEEXT - ok
19:27:38.0577 3232 IntcAzAudAddService (72190080ab7d7d876f4210a048a0a892) C:\windows\system32\drivers\RTKVHD64.sys
19:27:38.0780 3232 IntcAzAudAddService - ok
19:27:38.0936 3232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:27:38.0936 3232 intelide - ok
19:27:38.0998 3232 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:27:39.0014 3232 intelppm - ok
19:27:39.0045 3232 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:27:39.0061 3232 IPBusEnum - ok
19:27:39.0107 3232 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:27:39.0217 3232 IpFilterDriver - ok
19:27:39.0295 3232 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
19:27:39.0388 3232 iphlpsvc - ok
19:27:39.0419 3232 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:27:39.0482 3232 IPMIDRV - ok
19:27:39.0513 3232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:27:39.0513 3232 IPNAT - ok
19:27:39.0716 3232 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
19:27:39.0804 3232 iPod Service - ok
19:27:39.0853 3232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:27:39.0862 3232 IRENUM - ok
19:27:39.0899 3232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:27:39.0908 3232 isapnp - ok
19:27:39.0962 3232 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:27:40.0117 3232 iScsiPrt - ok
19:27:40.0192 3232 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
19:27:40.0214 3232 k57nd60a - ok
19:27:40.0246 3232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:27:40.0262 3232 kbdclass - ok
19:27:40.0301 3232 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:27:40.0432 3232 kbdhid - ok
19:27:40.0472 3232 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:40.0476 3232 KeyIso - ok
19:27:40.0508 3232 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
19:27:40.0614 3232 KSecDD - ok
19:27:40.0650 3232 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
19:27:40.0731 3232 KSecPkg - ok
19:27:40.0766 3232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:27:40.0776 3232 ksthunk - ok
19:27:40.0837 3232 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:27:40.0872 3232 KtmRm - ok
19:27:40.0923 3232 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
19:27:41.0021 3232 L1C - ok
19:27:41.0086 3232 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
19:27:41.0187 3232 LanmanServer - ok
19:27:41.0235 3232 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:27:41.0312 3232 LanmanWorkstation - ok
19:27:41.0449 3232 Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
19:27:41.0574 3232 Lenovo ReadyComm AppSvc - ok
19:27:41.0631 3232 Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
19:27:41.0809 3232 Lenovo ReadyComm ConnSvc - ok
19:27:41.0897 3232 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
19:27:42.0000 3232 LHDmgr - ok
19:27:42.0058 3232 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:27:42.0071 3232 lltdio - ok
19:27:42.0134 3232 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:27:42.0166 3232 lltdsvc - ok
19:27:42.0192 3232 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:27:42.0209 3232 lmhosts - ok
19:27:42.0253 3232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:27:42.0266 3232 LSI_FC - ok
19:27:42.0282 3232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:27:42.0292 3232 LSI_SAS - ok
19:27:42.0305 3232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:27:42.0312 3232 LSI_SAS2 - ok
19:27:42.0332 3232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:27:42.0346 3232 LSI_SCSI - ok
19:27:42.0376 3232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:27:42.0384 3232 luafv - ok
19:27:42.0535 3232 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0540 3232 McAfee SiteAdvisor Service - ok
19:27:42.0677 3232 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
19:27:42.0832 3232 McComponentHostService - ok
19:27:42.0836 3232 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0838 3232 McMPFSvc - ok
19:27:42.0855 3232 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0857 3232 mcmscsvc - ok
19:27:42.0862 3232 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0863 3232 McNaiAnn - ok
19:27:42.0886 3232 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:42.0888 3232 McNASvc - ok
19:27:43.0000 3232 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
19:27:43.0141 3232 McODS - ok
19:27:43.0182 3232 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:27:43.0184 3232 McProxy - ok
19:27:43.0290 3232 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:27:43.0298 3232 McShield - ok
19:27:43.0480 3232 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:27:43.0563 3232 Mcx2Svc - ok
19:27:43.0600 3232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:27:43.0606 3232 megasas - ok
19:27:43.0628 3232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:27:43.0636 3232 MegaSR - ok
19:27:43.0723 3232 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
19:27:43.0836 3232 mfeapfk - ok
19:27:43.0937 3232 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
19:27:44.0052 3232 mfeavfk - ok
19:27:44.0110 3232 mfeavfk01 - ok
19:27:44.0180 3232 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:27:44.0184 3232 mfefire - ok
19:27:44.0279 3232 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
19:27:44.0408 3232 mfefirek - ok
19:27:44.0544 3232 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
19:27:44.0669 3232 mfehidk - ok
19:27:44.0827 3232 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
19:27:44.0921 3232 mfenlfk - ok
19:27:44.0989 3232 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
19:27:45.0099 3232 mferkdet - ok
19:27:45.0161 3232 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\windows\system32\mfevtps.exe
19:27:45.0265 3232 mfevtp - ok
19:27:45.0347 3232 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
19:27:45.0459 3232 mfewfpk - ok
19:27:45.0579 3232 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:27:45.0679 3232 Microsoft Office Groove Audit Service - ok
19:27:45.0722 3232 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:27:45.0727 3232 MMCSS - ok
19:27:45.0758 3232 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:27:45.0766 3232 Modem - ok
19:27:45.0800 3232 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:27:45.0814 3232 monitor - ok
19:27:45.0861 3232 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
19:27:45.0876 3232 mouclass - ok
19:27:45.0921 3232 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:27:45.0935 3232 mouhid - ok
19:27:45.0980 3232 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:27:46.0087 3232 mountmgr - ok
19:27:46.0162 3232 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:27:46.0291 3232 MozillaMaintenance - ok
19:27:46.0334 3232 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:27:46.0435 3232 mpio - ok
19:27:46.0496 3232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:27:46.0514 3232 mpsdrv - ok
19:27:46.0624 3232 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:27:46.0717 3232 MpsSvc - ok
19:27:46.0755 3232 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:27:46.0849 3232 MRxDAV - ok
19:27:46.0890 3232 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:27:47.0003 3232 mrxsmb - ok
19:27:47.0070 3232 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:27:47.0192 3232 mrxsmb10 - ok
19:27:47.0243 3232 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:27:47.0369 3232 mrxsmb20 - ok
19:27:47.0402 3232 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:27:47.0460 3232 msahci - ok
19:27:47.0491 3232 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:27:47.0550 3232 msdsm - ok
19:27:47.0596 3232 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:27:47.0610 3232 MSDTC - ok
19:27:47.0680 3232 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:27:47.0690 3232 Msfs - ok
19:27:47.0741 3232 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:27:47.0756 3232 mshidkmdf - ok
19:27:47.0818 3232 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:27:47.0826 3232 msisadrv - ok
19:27:47.0881 3232 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:27:47.0902 3232 MSiSCSI - ok
19:27:47.0911 3232 msiserver - ok
19:27:47.0956 3232 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:27:47.0971 3232 MSKSSRV - ok
19:27:47.0994 3232 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:27:48.0012 3232 MSPCLOCK - ok
19:27:48.0020 3232 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:27:48.0024 3232 MSPQM - ok
19:27:48.0080 3232 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:27:48.0159 3232 MsRPC - ok
19:27:48.0194 3232 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:27:48.0203 3232 mssmbios - ok
19:27:48.0232 3232 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:27:48.0242 3232 MSTEE - ok
19:27:48.0251 3232 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:27:48.0261 3232 MTConfig - ok
19:27:48.0305 3232 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:27:48.0314 3232 Mup - ok
19:27:48.0385 3232 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:27:48.0533 3232 napagent - ok
19:27:48.0611 3232 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:27:48.0633 3232 NativeWifiP - ok
19:27:48.0741 3232 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:27:48.0871 3232 NDIS - ok
19:27:48.0917 3232 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:27:48.0929 3232 NdisCap - ok
19:27:48.0959 3232 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:27:48.0971 3232 NdisTapi - ok
19:27:49.0037 3232 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:27:49.0150 3232 Ndisuio - ok
19:27:49.0223 3232 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:27:49.0348 3232 NdisWan - ok
19:27:49.0386 3232 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:27:49.0439 3232 NDProxy - ok
19:27:49.0488 3232 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
19:27:49.0565 3232 Net Driver HPZ12 - ok
19:27:49.0605 3232 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:27:49.0610 3232 NetBIOS - ok
19:27:49.0668 3232 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:27:49.0794 3232 NetBT - ok
19:27:49.0858 3232 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:49.0861 3232 Netlogon - ok
19:27:49.0935 3232 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:27:49.0964 3232 Netman - ok
19:27:50.0013 3232 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:27:50.0035 3232 netprofm - ok
19:27:50.0132 3232 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:50.0152 3232 NetTcpPortSharing - ok
19:27:50.0554 3232 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
19:27:50.0734 3232 netw5v64 - ok
19:27:50.0884 3232 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:27:50.0895 3232 nfrd960 - ok
19:27:50.0972 3232 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:27:51.0062 3232 NlaSvc - ok
19:27:51.0083 3232 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:27:51.0086 3232 Npfs - ok
19:27:51.0118 3232 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:27:51.0131 3232 nsi - ok
19:27:51.0152 3232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:27:51.0163 3232 nsiproxy - ok
19:27:51.0342 3232 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:27:51.0495 3232 Ntfs - ok
19:27:51.0653 3232 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:27:51.0668 3232 Null - ok
19:27:51.0731 3232 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:27:51.0845 3232 nvraid - ok
19:27:51.0897 3232 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:27:52.0003 3232 nvstor - ok
19:27:52.0039 3232 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:27:52.0057 3232 nv_agp - ok
19:27:52.0185 3232 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:27:52.0330 3232 odserv - ok
19:27:52.0399 3232 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:27:52.0423 3232 ohci1394 - ok
19:27:52.0462 3232 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:52.0645 3232 ose - ok
19:27:52.0735 3232 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:52.0768 3232 p2pimsvc - ok
19:27:52.0825 3232 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:27:52.0855 3232 p2psvc - ok
19:27:52.0889 3232 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:27:52.0902 3232 Parport - ok
19:27:52.0941 3232 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:27:53.0039 3232 partmgr - ok
19:27:53.0054 3232 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:27:53.0062 3232 PcaSvc - ok
19:27:53.0113 3232 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:27:53.0169 3232 pci - ok
19:27:53.0193 3232 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:27:53.0197 3232 pciide - ok
19:27:53.0228 3232 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:27:53.0239 3232 pcmcia - ok
19:27:53.0255 3232 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:27:53.0258 3232 pcw - ok
19:27:53.0302 3232 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:27:53.0314 3232 PEAUTH - ok
19:27:53.0404 3232 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:27:53.0411 3232 PerfHost - ok
19:27:53.0596 3232 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:27:53.0787 3232 pla - ok
19:27:53.0848 3232 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:27:53.0923 3232 PlugPlay - ok
19:27:53.0996 3232 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
19:27:54.0088 3232 Pml Driver HPZ12 - ok
19:27:54.0112 3232 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:27:54.0118 3232 PNRPAutoReg - ok
19:27:54.0151 3232 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:54.0154 3232 PNRPsvc - ok
19:27:54.0228 3232 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:27:54.0330 3232 PolicyAgent - ok
19:27:54.0373 3232 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:27:54.0394 3232 Power - ok
19:27:54.0488 3232 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:27:54.0584 3232 PptpMiniport - ok
19:27:54.0609 3232 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:27:54.0613 3232 Processor - ok
19:27:54.0683 3232 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:27:54.0798 3232 ProfSvc - ok
19:27:54.0850 3232 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:54.0854 3232 ProtectedStorage - ok
19:27:54.0912 3232 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:27:55.0002 3232 Psched - ok
19:27:55.0005 3232 PS_MDP - ok
19:27:55.0163 3232 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:27:55.0266 3232 ql2300 - ok
19:27:55.0452 3232 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:27:55.0462 3232 ql40xx - ok
19:27:55.0515 3232 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:27:55.0539 3232 QWAVE - ok
19:27:55.0566 3232 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:27:55.0581 3232 QWAVEdrv - ok
19:27:55.0643 3232 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:27:55.0653 3232 RasAcd - ok
19:27:55.0705 3232 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:27:55.0712 3232 RasAgileVpn - ok
19:27:55.0773 3232 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:27:55.0802 3232 RasAuto - ok
19:27:55.0868 3232 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:27:55.0983 3232 Rasl2tp - ok
19:27:56.0057 3232 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:27:56.0160 3232 RasMan - ok
19:27:56.0188 3232 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:27:56.0195 3232 RasPppoe - ok
19:27:56.0219 3232 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:27:56.0228 3232 RasSstp - ok
19:27:56.0298 3232 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:27:56.0409 3232 rdbss - ok
19:27:56.0447 3232 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:27:56.0459 3232 rdpbus - ok
19:27:56.0482 3232 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:27:56.0488 3232 RDPCDD - ok
19:27:56.0514 3232 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:27:56.0524 3232 RDPENCDD - ok
19:27:56.0537 3232 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:27:56.0545 3232 RDPREFMP - ok
19:27:56.0597 3232 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:27:56.0687 3232 RDPWD - ok
19:27:56.0736 3232 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:27:56.0859 3232 rdyboost - ok
19:27:56.0862 3232 ReadyComm.DirectRouter - ok
19:27:56.0914 3232 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:27:56.0930 3232 RemoteAccess - ok
19:27:56.0985 3232 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:27:56.0997 3232 RemoteRegistry - ok
19:27:57.0057 3232 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:27:57.0073 3232 RFCOMM - ok
19:27:57.0131 3232 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:27:57.0233 3232 RimUsb - ok
19:27:57.0285 3232 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
19:27:57.0385 3232 RimVSerPort - ok
19:27:57.0424 3232 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
19:27:57.0429 3232 ROOTMODEM - ok
19:27:57.0467 3232 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:27:57.0480 3232 RpcEptMapper - ok
19:27:57.0515 3232 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:27:57.0532 3232 RpcLocator - ok
19:27:57.0625 3232 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:27:57.0637 3232 RpcSs - ok
19:27:57.0701 3232 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:27:57.0710 3232 rspndr - ok
19:27:57.0770 3232 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
19:27:57.0907 3232 RSUSBSTOR - ok
19:27:57.0961 3232 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:57.0965 3232 SamSs - ok
19:27:58.0007 3232 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:27:58.0161 3232 sbp2port - ok
19:27:58.0225 3232 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:27:58.0244 3232 SCardSvr - ok
19:27:58.0283 3232 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:27:58.0390 3232 scfilter - ok
19:27:58.0531 3232 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:27:58.0646 3232 Schedule - ok
19:27:58.0684 3232 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:27:58.0687 3232 SCPolicySvc - ok
19:27:58.0743 3232 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:27:58.0853 3232 SDRSVC - ok
19:27:58.0932 3232 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:27:58.0940 3232 secdrv - ok
19:27:58.0982 3232 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:27:59.0069 3232 seclogon - ok
19:27:59.0099 3232 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:27:59.0101 3232 SENS - ok
19:27:59.0133 3232 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:27:59.0137 3232 SensrSvc - ok
19:27:59.0157 3232 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:27:59.0160 3232 Serenum - ok
19:27:59.0192 3232 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:27:59.0200 3232 Serial - ok
19:27:59.0227 3232 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:27:59.0236 3232 sermouse - ok
19:27:59.0298 3232 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:27:59.0397 3232 SessionEnv - ok
19:27:59.0437 3232 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:27:59.0442 3232 sffdisk - ok
19:27:59.0463 3232 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:27:59.0468 3232 sffp_mmc - ok
19:27:59.0472 3232 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:27:59.0525 3232 sffp_sd - ok
19:28:15.0120 3232 ============================================================
19:28:15.0120 3232 Scan finished
19:28:15.0120 3232 ============================================================
19:28:15.0145 5128 Detected object count: 0
19:28:15.0145 5128 Actual detected object count: 0

#8 gringo_pr

  • Malware Response Team

Posted 10 August 2012 - 08:13 PM

Greetings

You sent me the TDSSKiller report twice. Check to see if you still have the aswMBR report on the desktop and send it to me again.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 rburgquist

  • Topic Starter

Posted 11 August 2012 - 07:23 AM

Here it is

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 19:31:54
-----------------------------
19:31:54.810 OS Version: Windows x64 6.1.7601 Service Pack 1
19:31:54.810 Number of processors: 2 586 0x603
19:31:54.812 ComputerName: RYAN-PC UserName: Ryan
19:31:56.449 Initialize success
19:35:24.956 AVAST engine defs: 12081001
19:35:47.467 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:35:47.472 Disk 0 Vendor: WDC_WD3200BEVT-24A23T0 01.01A02 Size: 305245MB BusType: 11
19:35:47.509 Disk 0 MBR read successfully
19:35:47.515 Disk 0 MBR scan
19:35:47.553 Disk 0 Windows 7 default MBR code
19:35:47.560 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
19:35:47.611 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
19:35:47.623 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
19:35:47.665 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
19:35:47.761 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
19:35:47.873 Disk 0 scanning C:\windows\system32\drivers
19:36:07.657 Service scanning
19:37:09.864 Modules scanning
19:37:10.244 Disk 0 trace - called modules:
19:37:10.276 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:37:10.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003145490]
19:37:10.300 3 CLASSPNP.SYS[fffff880018b443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030bd060]
19:37:12.360 AVAST engine scan C:\windows
19:37:21.327 AVAST engine scan C:\windows\system32
19:44:59.850 AVAST engine scan C:\windows\system32\drivers
19:45:20.639 AVAST engine scan C:\Users\Ryan
19:47:27.351 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\Computer\MBR.dat"
19:47:27.364 The log file has been saved successfully to "C:\Users\Ryan\Desktop\Computer\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 11 August 2012 - 12:01 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#11 rburgquist

  • Topic Starter

Posted 11 August 2012 - 07:36 PM

Here is the log. I haven't been redirected in a couple of days now, so I think the problem may be fixed.



ComboFix 12-08-09.01 - Ryan 08/11/2012 19:23:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1731 [GMT -5:00]
Running from: c:\users\Ryan\Tracing\Downloads\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\Computer\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 00:29 . 2012-08-12 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 22:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0310E11E-0E23-41E3-8A66-4ECBFAB77883}\mpengine.dll
2012-08-05 16:12 . 2009-07-14 01:40 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EP0NPP01.DLL
2012-08-03 01:11 . 2012-08-03 01:12 -------- d-----w- c:\users\Ryan\AppData\Local\Google
2012-08-03 00:34 . 2012-08-03 00:34 -------- d-----w- c:\windows\en
2012-08-03 00:30 . 2012-08-03 00:30 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-03 00:25 . 2012-08-03 00:25 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\DSETUP.dll
2012-08-03 00:25 . 2012-08-03 00:25 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\DXSETUP.exe
2012-08-03 00:25 . 2012-08-03 00:25 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d2705841cd710e01\dsetup32.dll
2012-07-29 15:30 . 2012-07-29 15:31 -------- d-----w- c:\users\Marie
2012-07-27 15:17 . 2012-08-12 00:12 -------- d-----r- c:\users\Ryan\Dropbox
2012-07-27 15:14 . 2012-08-12 00:12 -------- d-----w- c:\users\Ryan\AppData\Roaming\Dropbox
2012-07-27 00:27 . 2012-07-27 00:27 -------- d-----w- c:\program files (x86)\ESET
2012-07-17 11:48 . 2012-07-17 11:48 992352 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-07-15 01:33 . 2009-04-16 19:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
2012-07-15 01:31 . 2012-07-15 01:31 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-07-15 01:31 . 2012-07-15 01:31 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-07-15 01:29 . 2009-04-16 19:08 136704 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-07-15 01:27 . 2012-07-15 01:29 -------- d-----w- c:\program files (x86)\HP
2012-07-15 01:24 . 2012-07-15 01:24 -------- d-----w- c:\program files\HP
2012-07-15 01:23 . 2012-07-15 01:23 -------- d-----w- c:\programdata\HP
2012-07-15 01:23 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-07-15 01:23 . 2009-02-11 11:03 880640 ----a-w- c:\windows\system32\hposwia_p02c.dll
2012-07-15 01:23 . 2009-02-11 11:03 1403904 ----a-w- c:\windows\system32\hpost_p02c.dll
2012-07-15 01:23 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-07-15 01:23 . 2009-02-11 11:03 515072 ----a-w- c:\windows\system32\hposc_p02a.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 11:47 . 2011-05-24 01:58 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-10 15:44 . 2012-07-10 15:44 489712 ----a-w- c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-07-03 18:46 . 2012-04-01 23:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 22:37 . 2012-06-22 22:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 22:37 . 2011-05-18 11:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:08 . 2012-07-11 11:51 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 11:28 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:28 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:28 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:27 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-08 23:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-08 23:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-08 23:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:27 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:27 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:27 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:27 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 17:25 . 2011-06-04 01:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-12 22:57 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 22:57 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 22:57 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_21.14.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-08-12 00:14 43296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-18 01:12 . 2012-08-12 00:14 14728 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1102988707-2808339527-4182012599-1001_UserData.bin
- 2011-05-18 01:12 . 2012-08-10 20:58 14728 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1102988707-2808339527-4182012599-1001_UserData.bin
- 2011-05-17 08:42 . 2012-08-10 20:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-17 08:42 . 2012-08-12 00:17 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-17 08:42 . 2012-08-12 00:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-17 08:42 . 2012-08-10 20:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 20:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 00:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-18 01:12 . 2012-08-10 20:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 01:12 . 2012-08-11 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 01:12 . 2012-08-10 20:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-18 01:12 . 2012-08-11 23:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-18 01:12 . 2012-08-10 20:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 01:12 . 2012-08-11 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-18 01:12 . 2012-08-10 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 01:12 . 2012-08-11 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 01:12 . 2012-08-10 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 01:12 . 2012-08-11 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-10 20:56 . 2012-08-10 20:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-11 23:54 . 2012-08-11 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-10 20:56 . 2012-08-10 20:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-11 23:54 . 2012-08-11 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-18 01:58 . 2012-08-12 00:12 267888 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-08-10 20:22 424064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-11 13:43 424064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-18 01:08 . 2012-08-11 13:44 58373516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1102988707-2808339527-4182012599-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-19 98304]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-04-02 27936]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-19 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-19 203264]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-19 7448576]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-19 268288]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102988707-2808339527-4182012599-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 01:10]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102988707-2808339527-4182012599-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 01:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-20 11448424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-20 2120808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g4dugteb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-11 19:32:08
ComboFix-quarantined-files.txt 2012-08-12 00:32
ComboFix2.txt 2012-08-10 21:17
.
Pre-Run: 197,108,555,776 bytes free
Post-Run: 196,872,843,264 bytes free
.
- - End Of File - - 8AF82553583CA070628EAAAD3AEC12A8

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:15 PM

Posted 11 August 2012 - 08:07 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job)

Programs to remove

Java™ 6 Update 31
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 rburgquist


Posted 12 August 2012 - 03:07 PM

Here are the logs, everything seems to be running well.

MBAM:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ryan :: RYAN-PC [administrator]

8/12/2012 9:40:02 AM
mbam-log-2012-08-12 (09-40-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217684
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:05:02 PM, on 8/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Ryan\Tracing\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625174619.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11068 bytes
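HijackThis 2.0.4 is a 32-bit program, so on this 64-bit Windows 7 system its "(file missing)" results under System32 are affected by WOW64 file-system redirection; the ComboFix log earlier on this page lists mfevtps.exe, WatAdminSvc.exe and atiesrxx.exe with dates and sizes even though HijackThis reports them missing. The Python below is an added example, not part of the original posts or of HijackThis: it parses log lines excerpted from the post above and labels each missing-file service entry with a likely explanation. The function names and verdict labels are hypothetical, and the verdicts are triage hints to confirm from a 64-bit tool, not proof.

```python
import re

# Lines excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - Startup: Dropbox.lnk = Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# "O4 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: Windows is installed in <drive>:\windows, as in this log.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
MISSING = " (file missing)"


def parse_log(text):
    """Return one dict per log entry; O23 lines also get service/owner/path."""
    entries = []
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blanks
        code, body = m.groups()
        entry = {"code": code, "body": body, "missing": body.endswith(MISSING)}
        if code == "O23" and body.startswith("Service: "):
            detail = body[len("Service: "):]
            if entry["missing"]:
                detail = detail[:-len(MISSING)]
            # Split from the right: display names may themselves contain " - ".
            parts = detail.rsplit(" - ", 2)
            if len(parts) == 3:
                entry["service"], entry["owner"], entry["path"] = parts
        entries.append(entry)
    return entries


def classify_missing(entry):
    """Suggest why a 32-bit scanner reported this service binary as missing."""
    path = entry.get("path", "")
    name = entry.get("service", "")
    if SYSTEM32_RE.match(path):
        # A 32-bit process asking for System32 is shown SysWOW64 instead,
        # so 64-bit-only binaries look absent.
        return "likely-wow64-redirection"
    if (name.lower().startswith("@%programfiles%")
            and "\\program files (x86)\\" in path.lower()):
        # %PROGRAMFILES% expands to the (x86) directory in a 32-bit process.
        return "likely-env-expansion"
    return "verify-on-disk"


def triage(text):
    """List (path, verdict) for every O23 entry flagged '(file missing)'."""
    return [
        (e["path"], classify_missing(e))
        for e in parse_log(text)
        if e["code"] == "O23" and e["missing"] and "path" in e
    ]


def startup_entries(text):
    """Return the bodies of the O4 (autostart) entries."""
    return [e["body"] for e in parse_log(text) if e["code"] == "O4"]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:26} {path}")
```
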

#14 gringo_pr


Posted 12 August 2012 - 03:48 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
      O4 - Startup: Dropbox.lnk = Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#15 rburgquist


Posted 13 August 2012 - 09:03 PM

Thanks for all of your help. Eset did not find anything and the computer is running much better.

Ryan



