
Issues with PC - Redirections


  • This topic is locked
22 replies to this topic

#1 yjr

yjr

  • Members
  • 11 posts

Posted 06 August 2012 - 11:28 PM

Hi, I followed the guide posted here: http://www.bleepingcomputer.com/forums/topic34773.html

I didn't post a GMER run as I am on a 64-bit OS (think that's what the instruction meant). If so, does anyone know how one gets the information GMER can give on a 64-bit system? According to the program I should wait till asked to post the attached log, but the guide says I should just do it ... so I did, hope that's fine.

I think there are a few things wrong within my PC, but one big thing lately is that I get redirected from time to time when browsing. One of the links I am sent to is searchignited. Do I have a virus/trojan?
Any help would be greatly appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by junior at 0:14:19 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2050 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdncoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\junior\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Auto Shutdown\AutoShutdown.exe
C:\Users\junior\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Users\junior\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\junior\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\StikyNot.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={FA161AFD-D531-4889-B176-5B83A868CA22}&mid=ef81f8c01c4247d19f4ed156fae7c8bc-f2654e1f390ea64f86aa6976e0c98ae8f3f101eb&lang=en&ds=od011&pr=sa&d=2012-07-01 18:55:39&v=11.1.0.12&sap=hp
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Akamai NetSession Interface] "C:\Users\junior\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\junior\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\junior\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOSH~1.LNK - C:\Program Files (x86)\Auto Shutdown\AutoShutdown.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{321B5FD1-6F65-481D-BFA8-88C1BBFDC3C2} : DhcpNameServer = 128.230.1.49 128.230.12.5
TCP: Interfaces\{CAB7F5A7-13F8-48F5-BD7C-4D517A59C6F5} : DhcpNameServer = 128.230.12.5 128.230.1.49
TCP: Interfaces\{E4B2DBEA-DE7F-497C-9BC7-D24771F39326} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\junior\AppData\Roaming\Mozilla\Firefox\Profiles\fzv9unaq.default-1341880650586\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\junior\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\junior\Desktop\real temp\WinRing0x64.sys [2012-1-3 14544]
.
=============== Created Last 30 ================
.
2012-08-04 13:38:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DD32333-E619-47AA-B62A-66195634331A}\mpengine.dll
2012-08-02 17:39:04 -------- d-----w- C:\Users\junior\AppData\Roaming\Pamela
2012-08-02 17:39:03 172544 ----a-w- C:\Windows\SysWow64\RemoteControl.dll
2012-08-02 17:39:02 -------- d-----w- C:\Program Files (x86)\Pamela
2012-07-30 00:56:35 538780 ----a-w- C:\ProgramData\SPL4A67.tmp
2012-07-24 07:00:24 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-24 07:00:24 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-07-23 14:52:58 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-23 01:52:20 -------- d--h--w- C:\kleaner.tmp
2012-07-22 19:28:13 -------- d-----w- C:\ProgramData\GFI Software
2012-07-22 00:48:39 -------- d-----w- C:\Users\junior\AppData\Roaming\Intelli-studio
2012-07-22 00:48:36 -------- d-----w- C:\Program Files (x86)\Samsung
2012-07-21 05:46:08 -------- d-----w- C:\Users\junior\AppData\Local\adaware
2012-07-21 05:46:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-07-21 05:44:39 -------- d-----w- C:\Users\junior\AppData\Local\Downloaded Installations
2012-07-18 00:00:19 -------- d-----w- C:\Users\junior\AppData\Roaming\NVIDIA
2012-07-17 23:53:14 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-07-17 23:53:14 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-07-17 23:53:14 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-17 23:53:14 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-07-17 23:53:14 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-07-17 23:52:56 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-17 23:52:56 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-17 23:52:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-07-17 23:32:48 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-17 23:31:53 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-17 19:41:40 -------- d-----w- C:\Users\junior\AppData\Roaming\Chief Architect Premier X3
2012-07-17 19:27:08 -------- d-----w- C:\Program Files (x86)\Chief Architect
2012-07-17 18:47:38 -------- d-----w- C:\ProgramData\Cadsoft
2012-07-17 18:46:42 -------- d-----w- C:\Program Files (x86)\Common Files\Cadsoft
2012-07-17 18:46:16 -------- d-----w- C:\Program Files (x86)\3D Home Architect
2012-07-17 18:46:03 0 ----a-w- C:\Windows\SysWow64\_r_a_p_.tmp
2012-07-13 07:30:36 -------- d-----w- C:\Users\junior\AppData\Roaming\PDAppFlex
2012-07-13 07:24:45 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-07-13 07:00:54 -------- d-----w- C:\Users\junior\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-13 07:00:50 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-07-11 07:06:32 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 05:15:53 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-07-11 05:15:34 -------- d-----w- C:\ProgramData\DonationCoder
2012-07-11 05:15:34 -------- d-----w- C:\Program Files (x86)\URLSnooper2
2012-07-10 22:49:22 -------- d-----w- C:\Users\junior\AppData\Local\{84A2A651-CAE1-11E1-8270-B8AC6F996F26}
2012-07-10 22:49:21 -------- d-----w- C:\Users\junior\AppData\Local\{84A26AAD-CAE1-11E1-8270-B8AC6F996F26}
2012-07-10 20:40:13 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 20:40:13 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-10 20:40:13 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-10 20:40:13 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2012-08-05 00:20:24 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 00:20:24 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 0:16:05.32 ===============



Edited by yjr, 06 August 2012 - 11:34 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 07:46 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 yjr

yjr
  • Topic Starter

  • Members
  • 11 posts

Posted 09 August 2012 - 03:15 PM

Greetings and Welcome to The Forums!!


Hi,
My PC still has issues with re-directions. I played around clicking some links from Google searches and got this: http://searchignited.com/?dn=allsafelist.com&fp=XH1oTU2jvPqfib04Ymf2yM0Mu1XWUtE7U5TEZs7qAn8edFYJlOr7tp%2Bv2LSING8t%2BNPXUPowkYSRlPE2mF%2Fhsw%3D%3D&prvtof=EFIkC8zz%2FBC%2FGTCJdDugUkJyoyvo9TYCRzCAaXSe9ONGq4WqHLtJ6d72VRRlIyNRK9Qnppl2NhGfxOn9i4sh2M8z00eGIUy27So7pSb2km4MAisjEeLvQ2RhgXYiRW%2BUjz3uhnetRL%2FJ8NdAx8cvsw%3D%3D&poru=Etoe6n6fgTBS3XJWPueYBStredPC8jYrsvOUMFbsfCLVQ2ADjpXqc8IDJ7HB%2BLNYrv3ZmbnSlWwW7cCYjxMxfNAFz%2BHR8nPiL4JRCYy9MH4%3D&cifr=1&

The main problem I have noticed is the re-directions. The other issues might be me just worrying (PC hiccups more and slightly lags from time to time) and the "/" being entered a lot, but that is probably a fault of my wireless keyboard.


My security check post:

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SpywareBlaster 4.5
JavaFX 2.1.1
Java™ 6 Update 30
Java™ 7 Update 5
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


--------------------------

Combofix log

ComboFix 12-08-09.01 - junior 08/09/2012 15:46:57.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2498 [GMT -4:00]
Running from: c:\users\junior\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL4A67.tmp
c:\users\junior\AppData\Local\Temp\_MEI38162\_ctypes.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\_elementtree.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\_hashlib.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\_socket.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\_ssl.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\pyexpat.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\python26.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\pythoncom26.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\PyWinTypes26.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\select.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\unicodedata.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32api.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32crypt.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32event.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32file.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32inet.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32pdh.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\win32process.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\windows._cacheinvalidation.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._controls_.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._core_.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._html2.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._misc_.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._windows_.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wx._wizard.pyd
c:\users\junior\AppData\Local\Temp\_MEI38162\wxbase293u_net_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\wxbase293u_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\wxmsw293u_adv_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\wxmsw293u_core_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\wxmsw293u_html_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI38162\wxmsw293u_webview_vc.dll
c:\users\junior\Documents\~WRL3359.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 19:55 . 2012-08-09 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 19:55 . 2012-08-09 19:55 -------- d-----w- c:\users\jeff\AppData\Local\temp
2012-08-09 19:55 . 2012-08-09 19:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-08 12:19 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9618709E-9A5A-41AF-A2AC-3D04C5AB18C9}\mpengine.dll
2012-08-05 22:22 . 2012-08-05 22:22 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-08-02 17:39 . 2012-08-02 18:37 -------- d-----w- c:\users\junior\AppData\Roaming\Pamela
2012-08-02 17:39 . 2012-08-02 17:39 172544 ----a-w- c:\windows\SysWow64\RemoteControl.dll
2012-08-02 17:39 . 2012-08-02 17:39 -------- d-----w- c:\program files (x86)\Pamela
2012-07-31 01:44 . 2012-07-31 01:44 -------- d-----w- c:\users\Guest\AppData\Roaming\Foxit Software
2012-07-25 11:14 . 2012-07-25 11:16 -------- d-----w- c:\users\Guest\AppData\Local\adaware
2012-07-24 07:00 . 2012-08-09 20:01 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-24 07:00 . 2012-07-24 07:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-07-24 07:00 . 2012-07-24 07:00 615728 ----a-w- c:\windows\system32\drivers\klif.sys
2012-07-23 01:52 . 2012-07-24 06:49 -------- d-----w- C:\kleaner.tmp
2012-07-22 19:28 . 2012-07-22 19:28 -------- d-----w- c:\programdata\GFI Software
2012-07-22 00:48 . 2012-07-22 00:49 -------- d-----w- c:\users\junior\AppData\Roaming\Intelli-studio
2012-07-22 00:48 . 2012-07-22 00:48 -------- d-----w- c:\program files (x86)\Samsung
2012-07-21 05:46 . 2012-07-21 05:46 -------- d-----w- c:\users\junior\AppData\Local\adaware
2012-07-21 05:46 . 2012-08-09 16:13 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-21 05:44 . 2012-07-21 05:44 -------- d-----w- c:\users\junior\AppData\Local\Downloaded Installations
2012-07-18 00:00 . 2012-07-19 17:59 -------- d-----w- c:\users\junior\AppData\Roaming\NVIDIA
2012-07-17 23:53 . 2012-08-09 19:57 -------- d-----w- c:\programdata\NVIDIA
2012-07-17 23:53 . 2012-07-27 20:44 -------- d-----w- c:\users\UpdatusUser
2012-07-17 23:53 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-17 23:53 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-17 23:53 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-17 23:53 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-17 23:53 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-17 23:52 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-17 23:52 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-17 23:52 . 2012-07-17 23:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-17 23:33 . 2012-07-17 23:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-17 23:32 . 2012-07-17 23:32 -------- d-----w- c:\program files (x86)\Oracle
2012-07-17 23:31 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 23:29 . 2012-07-17 23:29 -------- d-----w- c:\programdata\McAfee
2012-07-17 19:41 . 2012-07-19 10:31 -------- d-----w- c:\users\junior\AppData\Roaming\Chief Architect Premier X3
2012-07-17 19:27 . 2012-07-17 19:27 -------- d-----w- c:\program files (x86)\Chief Architect
2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\programdata\Cadsoft
2012-07-17 18:46 . 2012-07-17 18:46 -------- d-----w- c:\program files (x86)\Common Files\Cadsoft
2012-07-17 18:46 . 2012-07-17 18:46 -------- d-----w- c:\program files (x86)\3D Home Architect
2012-07-17 18:46 . 2012-07-17 18:46 0 ----a-w- c:\windows\SysWow64\_r_a_p_.tmp
2012-07-15 13:22 . 2012-07-15 13:22 -------- d-----w- c:\users\Guest\AppData\Roaming\BitTorrent
2012-07-14 11:22 . 2012-07-14 11:22 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
2012-07-13 07:30 . 2012-07-13 07:30 -------- d-----w- c:\users\junior\AppData\Roaming\PDAppFlex
2012-07-13 07:24 . 2012-07-13 07:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-13 07:23 . 2012-07-13 07:24 -------- d-----w- c:\program files\Adobe
2012-07-13 07:17 . 2012-07-13 07:24 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-13 07:16 . 2012-07-13 07:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-13 07:00 . 2012-07-13 07:00 -------- d-----w- c:\users\junior\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-13 07:00 . 2012-07-13 07:00 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-07-13 07:00 . 2012-07-13 07:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-07-11 07:06 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 05:15 . 2012-07-11 05:15 -------- d-----w- c:\program files (x86)\WinPcap
2012-07-11 05:15 . 2012-07-11 05:16 -------- d-----w- c:\program files (x86)\URLSnooper2
2012-07-11 05:15 . 2012-07-11 05:15 -------- d-----w- c:\programdata\DonationCoder
2012-07-10 22:49 . 2012-07-10 22:49 -------- d-----w- c:\users\junior\AppData\Local\{84A2A651-CAE1-11E1-8270-B8AC6F996F26}
2012-07-10 22:49 . 2012-07-10 22:49 -------- d-----w- c:\users\junior\AppData\Local\{84A26AAD-CAE1-11E1-8270-B8AC6F996F26}
2012-07-10 20:40 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 20:40 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 20:40 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-10 20:40 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 00:20 . 2012-04-16 12:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 00:20 . 2011-12-20 01:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:02 . 2012-01-03 06:02 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-12-21 03:15 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 11:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:28 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 11:28 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 04:09 . 2012-06-01 04:09 53248 ----a-r- c:\users\junior\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-31 16:25 . 2011-12-19 03:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\junior\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-12-24 941320]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
.
c:\users\junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Auto Shutdown.lnk - c:\program files (x86)\Auto Shutdown\AutoShutdown.exe [2012-1-1 468480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 250056]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-24 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-03-25 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 116648]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-03 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\junior\Desktop\real temp\WinRing0x64.sys [2008-07-27 14544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-21 279616]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 00:20]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 04:12]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 04:12]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393138323-3341497379-3886798573-1000Core.job
- c:\users\junior\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 05:26]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393138323-3341497379-3886798573-1000UA.job
- c:\users\junior\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 05:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={FA161AFD-D531-4889-B176-5B83A868CA22}&mid=ef81f8c01c4247d19f4ed156fae7c8bc-f2654e1f390ea64f86aa6976e0c98ae8f3f101eb&lang=en&ds=od011&pr=sa&d=2012-07-01 18:55&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.95.16.20 10.94.8.20
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\junior\AppData\Roaming\Mozilla\Firefox\Profiles\fzv9unaq.default-1341880650586\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
.
**************************************************************************
.
Completion time: 2012-08-09 16:06:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 20:06
.
Pre-Run: 166,764,716,032 bytes free
Post-Run: 173,591,465,984 bytes free
.
- - End Of File - - 09C285109267D16FE260E691BAFB59E6


Thanks for looking into my issue.

#4 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 09 August 2012 - 03:19 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



Proud Graduate Of Malware Removal University

#5 yjr

  • Topic Starter

  • Members
  • 11 posts

Posted 09 August 2012 - 05:06 PM

Hi, below are the results. For TDSSKiller I didn't get any objects found on the first go, and then I clicked Change parameters and included the ones not checked. For aswMBR it gives me the option of FixMBR; should I click it?

17:14:46.0033 5416 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:14:46.0267 5416 ============================================================
17:14:46.0267 5416 Current date / time: 2012/08/09 17:14:46.0267
17:14:46.0268 5416 SystemInfo:
17:14:46.0268 5416
17:14:46.0268 5416 OS Version: 6.1.7600 ServicePack: 0.0
17:14:46.0268 5416 Product type: Workstation
17:14:46.0268 5416 ComputerName: JUNIOR-PC
17:14:46.0268 5416 UserName: junior
17:14:46.0268 5416 Windows directory: C:\Windows
17:14:46.0268 5416 System windows directory: C:\Windows
17:14:46.0268 5416 Running under WOW64
17:14:46.0268 5416 Processor architecture: Intel x64
17:14:46.0268 5416 Number of processors: 4
17:14:46.0268 5416 Page size: 0x1000
17:14:46.0268 5416 Boot type: Normal boot
17:14:46.0268 5416 ============================================================
17:14:47.0412 5416 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:14:57.0153 5416 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:14:57.0166 5416 ============================================================
17:14:57.0166 5416 \Device\Harddisk0\DR0:
17:14:57.0186 5416 MBR partitions:
17:14:57.0186 5416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:14:57.0186 5416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
17:14:57.0186 5416 \Device\Harddisk1\DR1:
17:14:57.0186 5416 MBR partitions:
17:14:57.0186 5416 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747063FE
17:14:57.0186 5416 ============================================================
17:14:57.0473 5416 C: <-> \Device\Harddisk0\DR0\Partition1
17:14:57.0506 5416 D: <-> \Device\Harddisk1\DR1\Partition0
17:14:57.0506 5416 ============================================================
17:14:57.0506 5416 Initialize success
17:14:57.0506 5416 ============================================================
17:15:07.0701 2704 ============================================================
17:15:07.0701 2704 Scan started
17:15:07.0701 2704 Mode: Manual;
17:15:07.0701 2704 ============================================================
17:15:08.0928 2704 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:15:08.0931 2704 1394ohci - ok
17:15:09.0042 2704 ABBYY.Licensing.FineReader.Professional.10.0 (8e9842d097d014ac87e33a091628a212) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
17:15:09.0052 2704 ABBYY.Licensing.FineReader.Professional.10.0 - ok
17:15:09.0081 2704 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:15:09.0085 2704 ACPI - ok
17:15:09.0098 2704 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:15:09.0099 2704 AcpiPmi - ok
17:15:09.0257 2704 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:15:09.0259 2704 AdobeFlashPlayerUpdateSvc - ok
17:15:09.0297 2704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:15:09.0304 2704 adp94xx - ok
17:15:09.0339 2704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:15:09.0344 2704 adpahci - ok
17:15:09.0375 2704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:15:09.0378 2704 adpu320 - ok
17:15:09.0407 2704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:15:09.0409 2704 AeLookupSvc - ok
17:15:09.0498 2704 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:15:09.0504 2704 AFD - ok
17:15:09.0518 2704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:15:09.0519 2704 agp440 - ok
17:15:09.0540 2704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:15:09.0545 2704 ALG - ok
17:15:09.0558 2704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:15:09.0559 2704 aliide - ok
17:15:09.0572 2704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:15:09.0573 2704 amdide - ok
17:15:09.0588 2704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:15:09.0589 2704 AmdK8 - ok
17:15:09.0602 2704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:15:09.0604 2704 AmdPPM - ok
17:15:09.0640 2704 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:15:09.0642 2704 amdsata - ok
17:15:09.0690 2704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:15:09.0693 2704 amdsbs - ok
17:15:09.0712 2704 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:15:09.0713 2704 amdxata - ok
17:15:09.0730 2704 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:15:09.0732 2704 AppID - ok
17:15:09.0750 2704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:15:09.0752 2704 AppIDSvc - ok
17:15:09.0762 2704 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:15:09.0763 2704 Appinfo - ok
17:15:09.0889 2704 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:15:09.0891 2704 Apple Mobile Device - ok
17:15:09.0926 2704 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:15:09.0936 2704 AppMgmt - ok
17:15:09.0953 2704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:15:09.0955 2704 arc - ok
17:15:09.0971 2704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:15:09.0973 2704 arcsas - ok
17:15:09.0993 2704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:15:09.0994 2704 AsyncMac - ok
17:15:10.0008 2704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:15:10.0008 2704 atapi - ok
17:15:10.0053 2704 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:15:10.0070 2704 AudioEndpointBuilder - ok
17:15:10.0076 2704 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:15:10.0080 2704 AudioSrv - ok
17:15:10.0210 2704 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
17:15:10.0212 2704 AVP - ok
17:15:10.0239 2704 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:15:10.0251 2704 AxInstSV - ok
17:15:10.0293 2704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:15:10.0299 2704 b06bdrv - ok
17:15:10.0333 2704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:15:10.0337 2704 b57nd60a - ok
17:15:10.0357 2704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:15:10.0361 2704 BDESVC - ok
17:15:10.0380 2704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:15:10.0381 2704 Beep - ok
17:15:10.0447 2704 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:15:10.0462 2704 BFE - ok
17:15:10.0549 2704 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:15:10.0556 2704 BITS - ok
17:15:10.0596 2704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:15:10.0598 2704 blbdrive - ok
17:15:10.0747 2704 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:15:10.0751 2704 Bonjour Service - ok
17:15:10.0858 2704 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:15:10.0860 2704 bowser - ok
17:15:10.0873 2704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:15:10.0874 2704 BrFiltLo - ok
17:15:10.0888 2704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:15:10.0889 2704 BrFiltUp - ok
17:15:10.0949 2704 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:15:10.0952 2704 BridgeMP - ok
17:15:10.0978 2704 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:15:10.0979 2704 Browser - ok
17:15:11.0005 2704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:15:11.0009 2704 Brserid - ok
17:15:11.0028 2704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:15:11.0030 2704 BrSerWdm - ok
17:15:11.0042 2704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:15:11.0043 2704 BrUsbMdm - ok
17:15:11.0059 2704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:15:11.0060 2704 BrUsbSer - ok
17:15:11.0078 2704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:15:11.0080 2704 BTHMODEM - ok
17:15:11.0096 2704 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:15:11.0101 2704 bthserv - ok
17:15:11.0139 2704 catchme - ok
17:15:11.0188 2704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:15:11.0190 2704 cdfs - ok
17:15:11.0263 2704 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:15:11.0265 2704 cdrom - ok
17:15:11.0292 2704 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:15:11.0298 2704 CertPropSvc - ok
17:15:11.0316 2704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:15:11.0317 2704 circlass - ok
17:15:11.0349 2704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:15:11.0354 2704 CLFS - ok
17:15:11.0418 2704 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:11.0420 2704 clr_optimization_v2.0.50727_32 - ok
17:15:11.0465 2704 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:15:11.0470 2704 clr_optimization_v2.0.50727_64 - ok
17:15:11.0586 2704 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:11.0588 2704 clr_optimization_v4.0.30319_32 - ok
17:15:11.0654 2704 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:15:11.0656 2704 clr_optimization_v4.0.30319_64 - ok
17:15:11.0725 2704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:15:11.0726 2704 CmBatt - ok
17:15:11.0738 2704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:15:11.0740 2704 cmdide - ok
17:15:11.0806 2704 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
17:15:11.0812 2704 CNG - ok
17:15:11.0825 2704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:15:11.0826 2704 Compbatt - ok
17:15:11.0856 2704 CompFilter64 (59d203c3f46f3ca536ecac0e084cd887) C:\Windows\system32\DRIVERS\lvbflt64.sys
17:15:11.0857 2704 CompFilter64 - ok
17:15:11.0878 2704 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:15:11.0879 2704 CompositeBus - ok
17:15:11.0894 2704 COMSysApp - ok
17:15:11.0908 2704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:15:11.0909 2704 crcdisk - ok
17:15:12.0043 2704 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:15:12.0048 2704 Creative ALchemy AL6 Licensing Service - ok
17:15:12.0087 2704 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:15:12.0092 2704 Creative Audio Engine Licensing Service - ok
17:15:12.0166 2704 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
17:15:12.0168 2704 Creative Media Toolbox 6 Licensing Service - ok
17:15:12.0225 2704 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
17:15:12.0227 2704 CryptSvc - ok
17:15:12.0273 2704 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
17:15:12.0280 2704 CSC - ok
17:15:12.0320 2704 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
17:15:12.0329 2704 CscService - ok
17:15:12.0394 2704 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
17:15:12.0397 2704 CT20XUT - ok
17:15:12.0402 2704 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
17:15:12.0403 2704 CT20XUT.SYS - ok
17:15:12.0479 2704 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
17:15:12.0486 2704 ctac32k - ok
17:15:12.0543 2704 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
17:15:12.0552 2704 ctaud2k - ok
17:15:12.0730 2704 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:15:12.0733 2704 CTAudSvcService - ok
17:15:12.0818 2704 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
17:15:12.0841 2704 CTEXFIFX - ok
17:15:12.0995 2704 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
17:15:13.0003 2704 CTEXFIFX.SYS - ok
17:15:13.0062 2704 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
17:15:13.0063 2704 CTHWIUT - ok
17:15:13.0067 2704 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
17:15:13.0068 2704 CTHWIUT.SYS - ok
17:15:13.0075 2704 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
17:15:13.0076 2704 ctprxy2k - ok
17:15:13.0094 2704 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
17:15:13.0097 2704 ctsfm2k - ok
17:15:13.0145 2704 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:15:13.0149 2704 DcomLaunch - ok
17:15:13.0188 2704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:15:13.0203 2704 defragsvc - ok
17:15:13.0262 2704 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:15:13.0264 2704 DfsC - ok
17:15:13.0304 2704 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:15:13.0319 2704 Dhcp - ok
17:15:13.0342 2704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:15:13.0343 2704 discache - ok
17:15:13.0413 2704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:15:13.0415 2704 Disk - ok
17:15:13.0465 2704 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:15:13.0476 2704 Dnscache - ok
17:15:13.0497 2704 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:15:13.0505 2704 dot3svc - ok
17:15:13.0576 2704 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:15:13.0579 2704 dot4 - ok
17:15:13.0592 2704 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:15:13.0593 2704 Dot4Print - ok
17:15:13.0603 2704 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:15:13.0605 2704 dot4usb - ok
17:15:13.0621 2704 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:15:13.0632 2704 DPS - ok
17:15:13.0670 2704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:15:13.0671 2704 drmkaud - ok
17:15:13.0706 2704 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:15:13.0711 2704 dtsoftbus01 - ok
17:15:13.0826 2704 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:15:13.0847 2704 DXGKrnl - ok
17:15:13.0879 2704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:15:13.0892 2704 EapHost - ok
17:15:14.0082 2704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:15:14.0128 2704 ebdrv - ok
17:15:14.0219 2704 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:15:14.0221 2704 EFS - ok
17:15:14.0319 2704 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:15:14.0335 2704 ehRecvr - ok
17:15:14.0364 2704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:15:14.0376 2704 ehSched - ok
17:15:14.0441 2704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:15:14.0448 2704 elxstor - ok
17:15:14.0498 2704 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
17:15:14.0500 2704 emupia - ok
17:15:14.0518 2704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:15:14.0519 2704 ErrDev - ok
17:15:14.0564 2704 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:15:14.0568 2704 EventSystem - ok
17:15:14.0596 2704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:15:14.0600 2704 exfat - ok
17:15:14.0625 2704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:15:14.0629 2704 fastfat - ok
17:15:14.0741 2704 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:15:14.0757 2704 Fax - ok
17:15:14.0762 2704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:15:14.0763 2704 fdc - ok
17:15:14.0780 2704 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:15:14.0782 2704 fdPHost - ok
17:15:14.0792 2704 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:15:14.0795 2704 FDResPub - ok
17:15:14.0808 2704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:15:14.0809 2704 FileInfo - ok
17:15:14.0817 2704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:15:14.0818 2704 Filetrace - ok
17:15:14.0822 2704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:15:14.0824 2704 flpydisk - ok
17:15:14.0858 2704 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:15:14.0861 2704 FltMgr - ok
17:15:14.0940 2704 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:15:14.0971 2704 FontCache - ok
17:15:15.0043 2704 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:15:15.0045 2704 FontCache3.0.0.0 - ok
17:15:15.0073 2704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:15:15.0074 2704 FsDepends - ok
17:15:15.0123 2704 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
17:15:15.0136 2704 Fs_Rec - ok
17:15:15.0206 2704 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:15:15.0210 2704 fvevol - ok
17:15:15.0244 2704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:15:15.0245 2704 gagp30kx - ok
17:15:15.0308 2704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:15:15.0310 2704 GEARAspiWDM - ok
17:15:15.0381 2704 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:15:15.0393 2704 gpsvc - ok
17:15:15.0524 2704 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:15:15.0525 2704 gupdate - ok
17:15:15.0540 2704 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:15:15.0541 2704 gupdatem - ok
17:15:15.0666 2704 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
17:15:15.0715 2704 ha20x22k - ok
17:15:15.0895 2704 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
17:15:15.0922 2704 ha20x2k - ok
17:15:16.0009 2704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:15:16.0010 2704 hcw85cir - ok
17:15:16.0062 2704 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:15:16.0066 2704 HdAudAddService - ok
17:15:16.0088 2704 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:15:16.0090 2704 HDAudBus - ok
17:15:16.0107 2704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:15:16.0108 2704 HidBatt - ok
17:15:16.0124 2704 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:15:16.0126 2704 HidBth - ok
17:15:16.0143 2704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:15:16.0144 2704 HidIr - ok
17:15:16.0170 2704 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:15:16.0172 2704 hidserv - ok
17:15:16.0209 2704 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:15:16.0210 2704 HidUsb - ok
17:15:16.0226 2704 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:15:16.0231 2704 hkmsvc - ok
17:15:16.0249 2704 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:15:16.0254 2704 HomeGroupListener - ok
17:15:16.0291 2704 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:15:16.0326 2704 HomeGroupProvider - ok
17:15:16.0498 2704 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:15:16.0502 2704 hpqcxs08 - ok
17:15:16.0519 2704 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:15:16.0522 2704 hpqddsvc - ok
17:15:16.0550 2704 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:15:16.0552 2704 HpSAMD - ok
17:15:16.0617 2704 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:15:16.0635 2704 HPSLPSVC - ok
17:15:16.0735 2704 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:15:16.0744 2704 HTTP - ok
17:15:16.0765 2704 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:15:16.0766 2704 hwpolicy - ok
17:15:16.0808 2704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:15:16.0810 2704 i8042prt - ok
17:15:16.0854 2704 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:15:16.0859 2704 iaStorV - ok
17:15:16.0971 2704 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:15:16.0974 2704 IDriverT - ok
17:15:17.0073 2704 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:15:17.0091 2704 idsvc - ok
17:15:17.0179 2704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:15:17.0180 2704 iirsp - ok
17:15:17.0251 2704 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:15:17.0269 2704 IKEEXT - ok
17:15:17.0285 2704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:15:17.0286 2704 intelide - ok
17:15:17.0305 2704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:15:17.0306 2704 intelppm - ok
17:15:17.0320 2704 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:15:17.0325 2704 IPBusEnum - ok
17:15:17.0344 2704 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:15:17.0346 2704 IpFilterDriver - ok
17:15:17.0375 2704 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:15:17.0383 2704 iphlpsvc - ok
17:15:17.0390 2704 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:15:17.0391 2704 IPMIDRV - ok
17:15:17.0414 2704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:15:17.0416 2704 IPNAT - ok
17:15:17.0538 2704 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:15:17.0543 2704 iPod Service - ok
17:15:17.0569 2704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:15:17.0571 2704 IRENUM - ok
17:15:17.0584 2704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:15:17.0585 2704 isapnp - ok
17:15:17.0609 2704 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:15:17.0612 2704 iScsiPrt - ok
17:15:17.0684 2704 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
17:15:17.0686 2704 ivusb - ok
17:15:17.0712 2704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:15:17.0713 2704 kbdclass - ok
17:15:17.0740 2704 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:15:17.0742 2704 kbdhid - ok
17:15:17.0755 2704 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:15:17.0757 2704 KeyIso - ok
17:15:17.0847 2704 KeyScrambler (e3cf421210ebddacb4590ae67a0226dc) C:\Windows\system32\drivers\keyscrambler.sys
17:15:17.0850 2704 KeyScrambler - ok
17:15:17.0935 2704 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
17:15:17.0941 2704 KL1 - ok
17:15:18.0011 2704 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
17:15:18.0013 2704 kl2 - ok
17:15:18.0095 2704 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
17:15:18.0103 2704 KLIF - ok
17:15:18.0108 2704 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
17:15:18.0110 2704 KLIM6 - ok
17:15:18.0119 2704 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
17:15:18.0120 2704 klmouflt - ok
17:15:18.0164 2704 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
17:15:18.0166 2704 KSecDD - ok
17:15:18.0182 2704 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
17:15:18.0185 2704 KSecPkg - ok
17:15:18.0199 2704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:15:18.0200 2704 ksthunk - ok
17:15:18.0240 2704 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:15:18.0261 2704 KtmRm - ok
17:15:18.0341 2704 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
17:15:18.0350 2704 LanmanServer - ok
17:15:18.0379 2704 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:15:18.0392 2704 LanmanWorkstation - ok
17:15:18.0424 2704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:15:18.0425 2704 lltdio - ok
17:15:18.0466 2704 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:15:18.0498 2704 lltdsvc - ok
17:15:18.0517 2704 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:15:18.0520 2704 lmhosts - ok
17:15:18.0546 2704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:15:18.0548 2704 LSI_FC - ok
17:15:18.0562 2704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:15:18.0564 2704 LSI_SAS - ok
17:15:18.0581 2704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:15:18.0582 2704 LSI_SAS2 - ok
17:15:18.0600 2704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:15:18.0602 2704 LSI_SCSI - ok
17:15:18.0630 2704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:15:18.0632 2704 luafv - ok
17:15:18.0680 2704 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
17:15:18.0684 2704 LVRS64 - ok
17:15:18.0954 2704 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
17:15:19.0022 2704 LVUVC64 - ok
17:15:19.0099 2704 lxdn_device - ok
17:15:19.0124 2704 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:15:19.0130 2704 Mcx2Svc - ok
17:15:19.0169 2704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:15:19.0170 2704 megasas - ok
17:15:19.0193 2704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:15:19.0196 2704 MegaSR - ok
17:15:19.0289 2704 Microsoft SharePoint Workspace Audit Service - ok
17:15:19.0328 2704 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:15:19.0330 2704 MMCSS - ok
17:15:19.0341 2704 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:15:19.0342 2704 Modem - ok
17:15:19.0366 2704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:15:19.0367 2704 monitor - ok
17:15:19.0379 2704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:15:19.0380 2704 mouclass - ok
17:15:19.0389 2704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:15:19.0390 2704 mouhid - ok
17:15:19.0404 2704 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:15:19.0405 2704 mountmgr - ok
17:15:19.0528 2704 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:15:19.0532 2704 MozillaMaintenance - ok
17:15:19.0555 2704 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:15:19.0557 2704 mpio - ok
17:15:19.0580 2704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:15:19.0582 2704 mpsdrv - ok
17:15:19.0632 2704 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
17:15:19.0651 2704 MpsSvc - ok
17:15:19.0667 2704 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:15:19.0670 2704 MRxDAV - ok
17:15:19.0721 2704 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:15:19.0724 2704 mrxsmb - ok
17:15:19.0750 2704 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:15:19.0754 2704 mrxsmb10 - ok
17:15:19.0810 2704 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:15:19.0812 2704 mrxsmb20 - ok
17:15:19.0825 2704 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:15:19.0826 2704 msahci - ok
17:15:19.0845 2704 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:15:19.0848 2704 msdsm - ok
17:15:19.0866 2704 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:15:19.0878 2704 MSDTC - ok
17:15:19.0898 2704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:15:19.0899 2704 Msfs - ok
17:15:19.0907 2704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:15:19.0908 2704 mshidkmdf - ok
17:15:19.0917 2704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:15:19.0918 2704 msisadrv - ok
17:15:19.0945 2704 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:15:19.0957 2704 MSiSCSI - ok
17:15:19.0961 2704 msiserver - ok
17:15:19.0988 2704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:15:19.0989 2704 MSKSSRV - ok
17:15:20.0002 2704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:15:20.0004 2704 MSPCLOCK - ok
17:15:20.0016 2704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:15:20.0017 2704 MSPQM - ok
17:15:20.0047 2704 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:15:20.0052 2704 MsRPC - ok
17:15:20.0068 2704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:15:20.0069 2704 mssmbios - ok
17:15:20.0086 2704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:15:20.0087 2704 MSTEE - ok
17:15:20.0096 2704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:15:20.0097 2704 MTConfig - ok
17:15:20.0128 2704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:15:20.0129 2704 Mup - ok
17:15:20.0170 2704 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:15:20.0187 2704 napagent - ok
17:15:20.0221 2704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:15:20.0225 2704 NativeWifiP - ok
17:15:20.0293 2704 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:15:20.0299 2704 NDIS - ok
17:15:20.0316 2704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:15:20.0317 2704 NdisCap - ok
17:15:20.0341 2704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:15:20.0342 2704 NdisTapi - ok
17:15:20.0357 2704 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:15:20.0358 2704 Ndisuio - ok
17:15:20.0380 2704 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:15:20.0382 2704 NdisWan - ok
17:15:20.0397 2704 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:15:20.0398 2704 NDProxy - ok
17:15:20.0443 2704 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
17:15:20.0446 2704 Net Driver HPZ12 - ok
17:15:20.0458 2704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:15:20.0459 2704 NetBIOS - ok
17:15:20.0479 2704 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:15:20.0482 2704 NetBT - ok
17:15:20.0501 2704 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:15:20.0503 2704 Netlogon - ok
17:15:20.0553 2704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:15:20.0557 2704 Netman - ok
17:15:20.0593 2704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:15:20.0608 2704 netprofm - ok
17:15:20.0673 2704 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:15:20.0676 2704 NetTcpPortSharing - ok
17:15:20.0701 2704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:15:20.0702 2704 nfrd960 - ok
17:15:20.0732 2704 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:15:20.0747 2704 NlaSvc - ok
17:15:20.0809 2704 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
17:15:20.0810 2704 NPF - ok
17:15:20.0831 2704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:15:20.0832 2704 Npfs - ok
17:15:20.0842 2704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:15:20.0845 2704 nsi - ok
17:15:20.0855 2704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:15:20.0856 2704 nsiproxy - ok
17:15:20.0988 2704 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:15:20.0998 2704 Ntfs - ok
17:15:21.0075 2704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:15:21.0076 2704 Null - ok
17:15:21.0858 2704 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:15:22.0093 2704 nvlddmkm - ok
17:15:22.0234 2704 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
17:15:22.0235 2704 nvoclk64 - ok
17:15:22.0268 2704 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:15:22.0270 2704 nvraid - ok
17:15:22.0298 2704 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:15:22.0300 2704 nvstor - ok
17:15:22.0411 2704 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
17:15:22.0428 2704 nvsvc - ok
17:15:22.0605 2704 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:15:22.0612 2704 nvUpdatusService - ok
17:15:22.0681 2704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:15:22.0683 2704 nv_agp - ok
17:15:22.0695 2704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:15:22.0697 2704 ohci1394 - ok
17:15:22.0782 2704 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:15:22.0797 2704 ose - ok
17:15:23.0116 2704 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:15:23.0142 2704 osppsvc - ok
17:15:23.0261 2704 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
17:15:23.0264 2704 ossrv - ok
17:15:23.0299 2704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:15:23.0306 2704 p2pimsvc - ok
17:15:23.0343 2704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:15:23.0353 2704 p2psvc - ok
17:15:23.0382 2704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:15:23.0384 2704 Parport - ok
17:15:23.0441 2704 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
17:15:23.0443 2704 partmgr - ok
17:15:23.0459 2704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:15:23.0469 2704 PcaSvc - ok
17:15:23.0487 2704 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:15:23.0490 2704 pci - ok
17:15:23.0501 2704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:15:23.0503 2704 pciide - ok
17:15:23.0524 2704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:15:23.0527 2704 pcmcia - ok
17:15:23.0534 2704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:15:23.0535 2704 pcw - ok
17:15:23.0576 2704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:15:23.0585 2704 PEAUTH - ok
17:15:23.0673 2704 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:15:23.0698 2704 PeerDistSvc - ok
17:15:23.0764 2704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:15:23.0768 2704 PerfHost - ok
17:15:23.0897 2704 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:15:23.0929 2704 pla - ok
17:15:24.0007 2704 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:15:24.0019 2704 PlugPlay - ok
17:15:24.0086 2704 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:15:24.0091 2704 Pml Driver HPZ12 - ok
17:15:24.0105 2704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:15:24.0109 2704 PNRPAutoReg - ok
17:15:24.0132 2704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:15:24.0137 2704 PNRPsvc - ok
17:15:24.0185 2704 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:15:24.0203 2704 PolicyAgent - ok
17:15:24.0240 2704 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:15:24.0244 2704 Power - ok
17:15:24.0306 2704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:15:24.0308 2704 PptpMiniport - ok
17:15:24.0322 2704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:15:24.0323 2704 Processor - ok
17:15:24.0373 2704 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
17:15:24.0383 2704 ProfSvc - ok
17:15:24.0405 2704 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:15:24.0407 2704 ProtectedStorage - ok
17:15:24.0442 2704 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:15:24.0445 2704 Psched - ok
17:15:24.0543 2704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:15:24.0572 2704 ql2300 - ok
17:15:24.0649 2704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:15:24.0651 2704 ql40xx - ok
17:15:24.0684 2704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:15:24.0693 2704 QWAVE - ok
17:15:24.0705 2704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:15:24.0707 2704 QWAVEdrv - ok
17:15:24.0721 2704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:15:24.0723 2704 RasAcd - ok
17:15:24.0756 2704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:15:24.0758 2704 RasAgileVpn - ok
17:15:24.0777 2704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:15:24.0790 2704 RasAuto - ok
17:15:24.0804 2704 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:15:24.0807 2704 Rasl2tp - ok
17:15:24.0831 2704 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:15:24.0845 2704 RasMan - ok
17:15:24.0864 2704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:15:24.0866 2704 RasPppoe - ok
17:15:24.0892 2704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:15:24.0895 2704 RasSstp - ok
17:15:24.0923 2704 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:15:24.0928 2704 rdbss - ok
17:15:24.0943 2704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:15:24.0945 2704 rdpbus - ok
17:15:24.0956 2704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:15:24.0957 2704 RDPCDD - ok
17:15:24.0993 2704 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
17:15:24.0996 2704 RDPDR - ok
17:15:25.0005 2704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:15:25.0007 2704 RDPENCDD - ok
17:15:25.0016 2704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:15:25.0017 2704 RDPREFMP - ok
17:15:25.0073 2704 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
17:15:25.0077 2704 RDPWD - ok
17:15:25.0101 2704 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:15:25.0105 2704 rdyboost - ok
17:15:25.0130 2704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:15:25.0134 2704 RemoteAccess - ok
17:15:25.0150 2704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:15:25.0154 2704 RemoteRegistry - ok
17:15:25.0225 2704 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
17:15:25.0227 2704 Revoflt - ok
17:15:25.0301 2704 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
17:15:25.0313 2704 rpcapd - ok
17:15:25.0347 2704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:15:25.0352 2704 RpcEptMapper - ok
17:15:25.0380 2704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:15:25.0383 2704 RpcLocator - ok
17:15:25.0415 2704 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:15:25.0421 2704 RpcSs - ok
17:15:25.0439 2704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:15:25.0441 2704 rspndr - ok
17:15:25.0476 2704 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:15:25.0479 2704 RTL8167 - ok
17:15:25.0508 2704 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
17:15:25.0509 2704 s3cap - ok
17:15:25.0529 2704 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:15:25.0531 2704 SamSs - ok
17:15:25.0604 2704 SbieDrv (1fc5d553f8ec9779702fb8264863e3a2) C:\Program Files\Sandboxie\SbieDrv.sys
17:15:25.0607 2704 SbieDrv - ok
17:15:25.0623 2704 SbieSvc (91d1ab66ecd2e7acc9096bbd212dd674) C:\Program Files\Sandboxie\SbieSvc.exe
17:15:25.0625 2704 SbieSvc - ok
17:15:25.0646 2704 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:15:25.0649 2704 sbp2port - ok
17:15:25.0672 2704 SBRE - ok
17:15:25.0694 2704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:15:25.0704 2704 SCardSvr - ok
17:15:25.0717 2704 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:15:25.0719 2704 scfilter - ok
17:15:25.0825 2704 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:15:25.0837 2704 Schedule - ok
17:15:25.0861 2704 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:15:25.0862 2704 SCPolicySvc - ok
17:15:25.0875 2704 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:15:25.0881 2704 SDRSVC - ok
17:15:25.0916 2704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:15:25.0917 2704 secdrv - ok
17:15:25.0930 2704 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:15:25.0933 2704 seclogon - ok
17:15:25.0952 2704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:15:25.0958 2704 SENS - ok
17:15:25.0964 2704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:15:25.0968 2704 SensrSvc - ok
17:15:25.0990 2704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:15:25.0992 2704 Serenum - ok
17:15:26.0005 2704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:15:26.0007 2704 Serial - ok
17:15:26.0028 2704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:15:26.0029 2704 sermouse - ok
17:15:26.0054 2704 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:15:26.0067 2704 SessionEnv - ok
17:15:26.0084 2704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:15:26.0085 2704 sffdisk - ok
17:15:26.0104 2704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:15:26.0106 2704 sffp_mmc - ok
17:15:26.0111 2704 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:15:26.0112 2704 sffp_sd - ok
17:15:26.0130 2704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:15:26.0131 2704 sfloppy - ok
17:15:26.0177 2704 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:15:26.0189 2704 SharedAccess - ok
17:15:26.0221 2704 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:15:26.0227 2704 ShellHWDetection - ok
17:15:26.0257 2704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:15:26.0259 2704 SiSRaid2 - ok
17:15:26.0279 2704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:15:26.0281 2704 SiSRaid4 - ok
17:15:26.0416 2704 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:15:26.0419 2704 SkypeUpdate - ok
17:15:26.0456 2704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:15:26.0458 2704 Smb - ok
17:15:26.0498 2704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:15:26.0502 2704 SNMPTRAP - ok
17:15:26.0607 2704 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
17:15:26.0610 2704 speedfan - ok
17:15:26.0631 2704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:15:26.0632 2704 spldr - ok
17:15:26.0705 2704 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:15:26.0713 2704 Spooler - ok
17:15:26.0908 2704 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:15:26.0974 2704 sppsvc - ok
17:15:27.0065 2704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:15:27.0072 2704 sppuinotify - ok
17:15:27.0153 2704 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:15:27.0160 2704 srv - ok
17:15:27.0223 2704 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:15:27.0229 2704 srv2 - ok
17:15:27.0280 2704 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:15:27.0283 2704 srvnet - ok
17:15:27.0311 2704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:15:27.0315 2704 SSDPSRV - ok
17:15:27.0327 2704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:15:27.0341 2704 SstpSvc - ok
17:15:27.0396 2704 Steam Client Service - ok
17:15:27.0560 2704 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:15:27.0567 2704 Stereo Service - ok
17:15:27.0595 2704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:15:27.0597 2704 stexstor - ok
17:15:27.0652 2704 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:15:27.0666 2704 stisvc - ok
17:15:27.0700 2704 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:15:27.0702 2704 storflt - ok
17:15:27.0729 2704 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:15:27.0733 2704 StorSvc - ok
17:15:27.0747 2704 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
17:15:27.0749 2704 storvsc - ok
17:15:27.0768 2704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:15:27.0770 2704 swenum - ok
17:15:27.0944 2704 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:15:27.0949 2704 SwitchBoard - ok
17:15:28.0000 2704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:15:28.0016 2704 swprv - ok
17:15:28.0122 2704 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:15:28.0159 2704 SysMain - ok
17:15:28.0248 2704 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:15:28.0253 2704 TabletInputService - ok
17:15:28.0286 2704 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:15:28.0292 2704 TapiSrv - ok
17:15:28.0308 2704 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:15:28.0312 2704 TBS - ok
17:15:28.0470 2704 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
17:15:28.0484 2704 Tcpip - ok
17:15:28.0628 2704 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
17:15:28.0638 2704 TCPIP6 - ok
17:15:28.0690 2704 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:15:28.0692 2704 tcpipreg - ok
17:15:28.0707 2704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:15:28.0709 2704 TDPIPE - ok
17:15:28.0754 2704 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:15:28.0756 2704 TDTCP - ok
17:15:28.0785 2704 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:15:28.0787 2704 tdx - ok
17:15:28.0798 2704 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:15:28.0799 2704 TermDD - ok
17:15:28.0848 2704 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:15:28.0857 2704 TermService - ok
17:15:28.0871 2704 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:15:28.0878 2704 Themes - ok
17:15:28.0903 2704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:15:28.0906 2704 THREADORDER - ok
17:15:28.0919 2704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:15:28.0931 2704 TrkWks - ok
17:15:28.0972 2704 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:15:28.0975 2704 TrustedInstaller - ok
17:15:28.0989 2704 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:15:28.0991 2704 tssecsrv - ok
17:15:29.0024 2704 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:15:29.0027 2704 tunnel - ok
17:15:29.0049 2704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:15:29.0051 2704 uagp35 - ok
17:15:29.0085 2704 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:15:29.0090 2704 udfs - ok
17:15:29.0113 2704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:15:29.0120 2704 UI0Detect - ok
17:15:29.0144 2704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:15:29.0145 2704 uliagpkx - ok
17:15:29.0163 2704 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:15:29.0165 2704 umbus - ok
17:15:29.0185 2704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:15:29.0186 2704 UmPass - ok
17:15:29.0217 2704 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
17:15:29.0227 2704 UmRdpService - ok
17:15:29.0338 2704 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:15:29.0347 2704 UMVPFSrv - ok
17:15:29.0375 2704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:15:29.0391 2704 upnphost - ok
17:15:29.0451 2704 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:15:29.0454 2704 usbaudio - ok
17:15:29.0489 2704 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:15:29.0491 2704 usbccgp - ok
17:15:29.0519 2704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:15:29.0521 2704 usbcir - ok
17:15:29.0544 2704 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
17:15:29.0545 2704 usbehci - ok
17:15:29.0587 2704 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:15:29.0592 2704 usbhub - ok
17:15:29.0604 2704 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
17:15:29.0606 2704 usbohci - ok
17:15:29.0624 2704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:15:29.0625 2704 usbprint - ok
17:15:29.0685 2704 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:15:29.0687 2704 usbscan - ok
17:15:29.0705 2704 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:15:29.0707 2704 USBSTOR - ok
17:15:29.0723 2704 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:15:29.0725 2704 usbuhci - ok
17:15:29.0760 2704 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:15:29.0763 2704 usbvideo - ok
17:15:29.0781 2704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:15:29.0788 2704 UxSms - ok
17:15:29.0810 2704 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:15:29.0812 2704 VaultSvc - ok
17:15:29.0825 2704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:15:29.0826 2704 vdrvroot - ok
17:15:29.0878 2704 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:15:29.0894 2704 vds - ok
17:15:29.0914 2704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:15:29.0915 2704 vga - ok
17:15:29.0934 2704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:15:29.0935 2704 VgaSave - ok
17:15:29.0960 2704 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:15:29.0963 2704 vhdmp - ok
17:15:29.0984 2704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:15:29.0986 2704 viaide - ok
17:15:30.0018 2704 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
17:15:30.0021 2704 vmbus - ok
17:15:30.0040 2704 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:15:30.0041 2704 VMBusHID - ok
17:15:30.0061 2704 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:15:30.0063 2704 volmgr - ok
17:15:30.0095 2704 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:15:30.0100 2704 volmgrx - ok
17:15:30.0169 2704 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:15:30.0174 2704 volsnap - ok
17:15:30.0210 2704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:15:30.0213 2704 vsmraid - ok
17:15:30.0323 2704 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:15:30.0355 2704 VSS - ok
17:15:30.0454 2704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:15:30.0455 2704 vwifibus - ok
17:15:30.0489 2704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:15:30.0501 2704 W32Time - ok
17:15:30.0518 2704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:15:30.0520 2704 WacomPen - ok
17:15:30.0548 2704 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:15:30.0550 2704 WANARP - ok
17:15:30.0554 2704 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:15:30.0555 2704 Wanarpv6 - ok
17:15:30.0826 2704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:15:30.0857 2704 WatAdminSvc - ok
17:15:30.0968 2704 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:15:30.0997 2704 wbengine - ok
17:15:31.0077 2704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:15:31.0086 2704 WbioSrvc - ok
17:15:31.0151 2704 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:15:31.0163 2704 wcncsvc - ok
17:15:31.0180 2704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:15:31.0188 2704 WcsPlugInService - ok
17:15:31.0225 2704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:15:31.0226 2704 Wd - ok
17:15:31.0272 2704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:15:31.0282 2704 Wdf01000 - ok
17:15:31.0302 2704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:15:31.0315 2704 WdiServiceHost - ok
17:15:31.0318 2704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:15:31.0321 2704 WdiSystemHost - ok
17:15:31.0391 2704 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:15:31.0399 2704 WebClient - ok
17:15:31.0421 2704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:15:31.0430 2704 Wecsvc - ok
17:15:31.0443 2704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:15:31.0456 2704 wercplsupport - ok
17:15:31.0474 2704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:15:31.0488 2704 WerSvc - ok
17:15:31.0520 2704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:15:31.0521 2704 WfpLwf - ok
17:15:31.0542 2704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:15:31.0543 2704 WIMMount - ok
17:15:31.0572 2704 WinDefend - ok
17:15:31.0579 2704 WinHttpAutoProxySvc - ok
17:15:31.0641 2704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:15:31.0649 2704 Winmgmt - ok
17:15:31.0765 2704 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\junior\Desktop\real temp\WinRing0x64.sys
17:15:31.0767 2704 WinRing0_1_2_0 - ok
17:15:31.0891 2704 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:15:31.0924 2704 WinRM - ok
17:15:32.0064 2704 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:15:32.0066 2704 WinUsb - ok
17:15:32.0134 2704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:15:32.0160 2704 Wlansvc - ok
17:15:32.0189 2704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:15:32.0190 2704 WmiAcpi - ok
17:15:32.0257 2704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:15:32.0266 2704 wmiApSrv - ok
17:15:32.0295 2704 WMPNetworkSvc - ok
17:15:32.0327 2704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:15:32.0331 2704 WPCSvc - ok
17:15:32.0345 2704 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:15:32.0357 2704 WPDBusEnum - ok
17:15:32.0371 2704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:15:32.0373 2704 ws2ifsl - ok
17:15:32.0431 2704 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
17:15:32.0444 2704 wscsvc - ok
17:15:32.0448 2704 WSearch - ok
17:15:32.0617 2704 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:15:32.0656 2704 wuauserv - ok
17:15:32.0757 2704 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:15:32.0759 2704 WudfPf - ok
17:15:32.0799 2704 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:15:32.0802 2704 WUDFRd - ok
17:15:32.0850 2704 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:15:32.0863 2704 wudfsvc - ok
17:15:32.0889 2704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:15:32.0898 2704 WwanSvc - ok
17:15:32.0951 2704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:15:33.0153 2704 \Device\Harddisk0\DR0 - ok
17:15:33.0177 2704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:15:33.0189 2704 \Device\Harddisk1\DR1 - ok
17:15:33.0192 2704 Boot (0x1200) (46123b19e9200af599f20ece36e8f468) \Device\Harddisk0\DR0\Partition0
17:15:33.0194 2704 \Device\Harddisk0\DR0\Partition0 - ok
17:15:33.0226 2704 Boot (0x1200) (6a8a02b1cd288bcd181cbb01c275a4af) \Device\Harddisk0\DR0\Partition1
17:15:33.0228 2704 \Device\Harddisk0\DR0\Partition1 - ok
17:15:33.0232 2704 Boot (0x1200) (9e35123ad68671902f9ac4ee7d9b14f6) \Device\Harddisk1\DR1\Partition0
17:15:33.0233 2704 \Device\Harddisk1\DR1\Partition0 - ok
17:15:33.0234 2704 ============================================================
17:15:33.0234 2704 Scan finished
17:15:33.0234 2704 ============================================================
17:15:33.0246 3768 Detected object count: 0
17:15:33.0246 3768 Actual detected object count: 0
17:15:58.0670 5732 ============================================================
17:15:58.0670 5732 Scan started
17:15:58.0670 5732 Mode: Manual; SigCheck; TDLFS;
17:15:58.0670 5732 ============================================================
17:15:59.0041 5732 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:15:59.0152 5732 1394ohci - ok
17:15:59.0280 5732 ABBYY.Licensing.FineReader.Professional.10.0 (8e9842d097d014ac87e33a091628a212) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
17:15:59.0312 5732 ABBYY.Licensing.FineReader.Professional.10.0 - ok
17:15:59.0351 5732 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:15:59.0368 5732 ACPI - ok
17:15:59.0386 5732 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:15:59.0468 5732 AcpiPmi - ok
17:15:59.0612 5732 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:15:59.0632 5732 AdobeFlashPlayerUpdateSvc - ok
17:15:59.0668 5732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:15:59.0687 5732 adp94xx - ok
17:15:59.0710 5732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:15:59.0727 5732 adpahci - ok
17:15:59.0754 5732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:15:59.0770 5732 adpu320 - ok
17:15:59.0804 5732 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:15:59.0877 5732 AeLookupSvc - ok
17:15:59.0943 5732 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:16:00.0001 5732 AFD - ok
17:16:00.0022 5732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:16:00.0036 5732 agp440 - ok
17:16:00.0053 5732 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:16:00.0069 5732 ALG - ok
17:16:00.0079 5732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:16:00.0092 5732 aliide - ok
17:16:00.0110 5732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:16:00.0123 5732 amdide - ok
17:16:00.0142 5732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:16:00.0174 5732 AmdK8 - ok
17:16:00.0199 5732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:16:00.0239 5732 AmdPPM - ok
17:16:00.0285 5732 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:16:00.0299 5732 amdsata - ok
17:16:00.0328 5732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:16:00.0343 5732 amdsbs - ok
17:16:00.0375 5732 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:16:00.0388 5732 amdxata - ok
17:16:00.0401 5732 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:16:00.0475 5732 AppID - ok
17:16:00.0488 5732 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:16:00.0537 5732 AppIDSvc - ok
17:16:00.0566 5732 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:16:00.0625 5732 Appinfo - ok
17:16:00.0742 5732 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:16:00.0758 5732 Apple Mobile Device - ok
17:16:00.0797 5732 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:16:00.0830 5732 AppMgmt - ok
17:16:00.0857 5732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:16:00.0877 5732 arc - ok
17:16:00.0899 5732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:16:00.0913 5732 arcsas - ok
17:16:00.0930 5732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:16:00.0964 5732 AsyncMac - ok
17:16:00.0969 5732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:16:00.0983 5732 atapi - ok
17:16:01.0023 5732 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:16:01.0077 5732 AudioEndpointBuilder - ok
17:16:01.0083 5732 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:16:01.0124 5732 AudioSrv - ok
17:16:01.0230 5732 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
17:16:01.0306 5732 AVP - ok
17:16:01.0324 5732 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:16:01.0402 5732 AxInstSV - ok
17:16:01.0437 5732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:16:01.0492 5732 b06bdrv - ok
17:16:01.0519 5732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:16:01.0551 5732 b57nd60a - ok
17:16:01.0590 5732 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:16:01.0639 5732 BDESVC - ok
17:16:01.0646 5732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:16:01.0696 5732 Beep - ok
17:16:01.0763 5732 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:16:01.0805 5732 BFE - ok
17:16:01.0865 5732 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:16:01.0911 5732 BITS - ok
17:16:01.0946 5732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:16:01.0961 5732 blbdrive - ok
17:16:02.0087 5732 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:16:02.0110 5732 Bonjour Service - ok
17:16:02.0155 5732 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:16:02.0214 5732 bowser - ok
17:16:02.0227 5732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:16:02.0252 5732 BrFiltLo - ok
17:16:02.0284 5732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:16:02.0304 5732 BrFiltUp - ok
17:16:02.0321 5732 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:16:02.0365 5732 BridgeMP - ok
17:16:02.0390 5732 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:16:02.0426 5732 Browser - ok
17:16:02.0451 5732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:16:02.0509 5732 Brserid - ok
17:16:02.0525 5732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:16:02.0555 5732 BrSerWdm - ok
17:16:02.0588 5732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:16:02.0626 5732 BrUsbMdm - ok
17:16:02.0647 5732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:16:02.0679 5732 BrUsbSer - ok
17:16:02.0700 5732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:16:02.0739 5732 BTHMODEM - ok
17:16:02.0775 5732 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:16:02.0828 5732 bthserv - ok
17:16:02.0869 5732 catchme - ok
17:16:02.0901 5732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:16:02.0974 5732 cdfs - ok
17:16:03.0034 5732 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:16:03.0079 5732 cdrom - ok
17:16:03.0113 5732 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:16:03.0178 5732 CertPropSvc - ok
17:16:03.0269 5732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:16:03.0335 5732 circlass - ok
17:16:03.0379 5732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:16:03.0397 5732 CLFS - ok
17:16:03.0456 5732 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:16:03.0470 5732 clr_optimization_v2.0.50727_32 - ok
17:16:03.0511 5732 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:16:03.0524 5732 clr_optimization_v2.0.50727_64 - ok
17:16:03.0616 5732 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:16:03.0630 5732 clr_optimization_v4.0.30319_32 - ok
17:16:03.0685 5732 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:16:03.0697 5732 clr_optimization_v4.0.30319_64 - ok
17:16:03.0713 5732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:16:03.0746 5732 CmBatt - ok
17:16:03.0792 5732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:16:03.0811 5732 cmdide - ok
17:16:03.0877 5732 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
17:16:03.0910 5732 CNG - ok
17:16:03.0921 5732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:16:03.0934 5732 Compbatt - ok
17:16:03.0951 5732 CompFilter64 (59d203c3f46f3ca536ecac0e084cd887) C:\Windows\system32\DRIVERS\lvbflt64.sys
17:16:03.0965 5732 CompFilter64 - ok
17:16:03.0973 5732 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:16:04.0009 5732 CompositeBus - ok
17:16:04.0012 5732 COMSysApp - ok
17:16:04.0046 5732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:16:04.0059 5732 crcdisk - ok
17:16:04.0180 5732 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:16:04.0202 5732 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:16:04.0202 5732 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:16:04.0241 5732 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:16:04.0247 5732 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:16:04.0247 5732 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:16:04.0295 5732 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
17:16:04.0320 5732 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:16:04.0320 5732 Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:16:04.0370 5732 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
17:16:04.0394 5732 CryptSvc - ok
17:16:04.0443 5732 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
17:16:04.0500 5732 CSC - ok
17:16:04.0549 5732 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
17:16:04.0583 5732 CscService - ok
17:16:04.0640 5732 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
17:16:04.0659 5732 CT20XUT - ok
17:16:04.0663 5732 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
17:16:04.0677 5732 CT20XUT.SYS - ok
17:16:04.0747 5732 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
17:16:04.0765 5732 ctac32k - ok
17:16:04.0814 5732 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
17:16:04.0835 5732 ctaud2k - ok
17:16:04.0961 5732 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:16:04.0987 5732 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
17:16:04.0987 5732 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
17:16:05.0091 5732 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
17:16:05.0124 5732 CTEXFIFX - ok
17:16:05.0277 5732 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
17:16:05.0308 5732 CTEXFIFX.SYS - ok
17:16:05.0374 5732 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
17:16:05.0385 5732 CTHWIUT - ok
17:16:05.0389 5732 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
17:16:05.0401 5732 CTHWIUT.SYS - ok
17:16:05.0412 5732 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
17:16:05.0424 5732 ctprxy2k - ok
17:16:05.0447 5732 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
17:16:05.0461 5732 ctsfm2k - ok
17:16:05.0508 5732 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:16:05.0548 5732 DcomLaunch - ok
17:16:05.0583 5732 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:16:05.0645 5732 defragsvc - ok
17:16:05.0691 5732 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:16:05.0757 5732 DfsC - ok
17:16:05.0792 5732 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:16:05.0861 5732 Dhcp - ok
17:16:05.0887 5732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:16:05.0943 5732 discache - ok
17:16:05.0983 5732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:16:05.0998 5732 Disk - ok
17:16:06.0052 5732 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:16:06.0077 5732 Dnscache - ok
17:16:06.0101 5732 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:16:06.0159 5732 dot3svc - ok
17:16:06.0213 5732 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:16:06.0258 5732 dot4 - ok
17:16:06.0287 5732 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:16:06.0322 5732 Dot4Print - ok
17:16:06.0349 5732 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:16:06.0381 5732 dot4usb - ok
17:16:06.0416 5732 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:16:06.0492 5732 DPS - ok
17:16:06.0532 5732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:16:06.0566 5732 drmkaud - ok
17:16:06.0601 5732 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:16:06.0616 5732 dtsoftbus01 - ok
17:16:06.0712 5732 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:16:06.0739 5732 DXGKrnl - ok
17:16:06.0757 5732 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:16:06.0810 5732 EapHost - ok
17:16:07.0552 5732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:16:07.0665 5732 ebdrv - ok
17:16:07.0797 5732 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:16:07.0813 5732 EFS - ok
17:16:07.0965 5732 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:16:08.0033 5732 ehRecvr - ok
17:16:08.0059 5732 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:16:08.0120 5732 ehSched - ok
17:16:08.0168 5732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:16:08.0189 5732 elxstor - ok
17:16:08.0242 5732 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
17:16:08.0254 5732 emupia - ok
17:16:08.0270 5732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:16:08.0284 5732 ErrDev - ok
17:16:08.0336 5732 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:16:08.0375 5732 EventSystem - ok
17:16:08.0399 5732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:16:08.0453 5732 exfat - ok
17:16:08.0495 5732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:16:08.0547 5732 fastfat - ok
17:16:08.0602 5732 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:16:08.0669 5732 Fax - ok
17:16:08.0674 5732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:16:08.0711 5732 fdc - ok
17:16:08.0733 5732 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:16:08.0769 5732 fdPHost - ok
17:16:08.0778 5732 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:16:08.0834 5732 FDResPub - ok
17:16:08.0868 5732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:16:08.0883 5732 FileInfo - ok
17:16:08.0903 5732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:16:08.0958 5732 Filetrace - ok
17:16:08.0962 5732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:16:08.0982 5732 flpydisk - ok
17:16:09.0028 5732 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:16:09.0045 5732 FltMgr - ok
17:16:09.0118 5732 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:16:09.0175 5732 FontCache - ok
17:16:09.0246 5732 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:16:09.0259 5732 FontCache3.0.0.0 - ok
17:16:09.0293 5732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:16:09.0308 5732 FsDepends - ok
17:16:09.0359 5732 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
17:16:09.0373 5732 Fs_Rec - ok
17:16:09.0435 5732 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:16:09.0454 5732 fvevol - ok
17:16:09.0472 5732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:16:09.0486 5732 gagp30kx - ok
17:16:09.0529 5732 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:16:09.0539 5732 GEARAspiWDM - ok
17:16:09.0593 5732 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:16:09.0643 5732 gpsvc - ok
17:16:09.0761 5732 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:09.0773 5732 gupdate - ok
17:16:09.0777 5732 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:09.0789 5732 gupdatem - ok
17:16:09.0918 5732 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
17:16:09.0952 5732 ha20x22k - ok
17:16:10.0135 5732 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
17:16:10.0171 5732 ha20x2k - ok
17:16:10.0246 5732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:16:10.0314 5732 hcw85cir - ok
17:16:10.0349 5732 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:16:10.0387 5732 HdAudAddService - ok
17:16:10.0416 5732 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:16:10.0449 5732 HDAudBus - ok
17:16:10.0468 5732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:16:10.0483 5732 HidBatt - ok
17:16:10.0502 5732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:16:10.0536 5732 HidBth - ok
17:16:10.0571 5732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:16:10.0588 5732 HidIr - ok
17:16:10.0606 5732 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:16:10.0662 5732 hidserv - ok
17:16:10.0695 5732 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:16:10.0732 5732 HidUsb - ok
17:16:10.0763 5732 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:16:10.0815 5732 hkmsvc - ok
17:16:10.0860 5732 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:16:10.0885 5732 HomeGroupListener - ok
17:16:10.0919 5732 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:16:10.0950 5732 HomeGroupProvider - ok
17:16:11.0135 5732 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:16:11.0165 5732 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:16:11.0165 5732 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:16:11.0197 5732 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:16:11.0226 5732 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:16:11.0226 5732 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:16:11.0253 5732 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:16:11.0273 5732 HpSAMD - ok
17:16:11.0344 5732 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:16:11.0360 5732 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:16:11.0360 5732 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:16:11.0412 5732 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:16:11.0474 5732 HTTP - ok
17:16:11.0509 5732 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:16:11.0522 5732 hwpolicy - ok
17:16:11.0535 5732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:16:11.0550 5732 i8042prt - ok
17:16:11.0598 5732 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:16:11.0616 5732 iaStorV - ok
17:16:11.0707 5732 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:16:11.0712 5732 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:16:11.0712 5732 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:16:11.0808 5732 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:16:11.0833 5732 idsvc - ok
17:16:11.0898 5732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:16:11.0912 5732 iirsp - ok
17:16:11.0978 5732 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:16:12.0042 5732 IKEEXT - ok
17:16:12.0062 5732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:16:12.0076 5732 intelide - ok
17:16:12.0090 5732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:16:12.0125 5732 intelppm - ok
17:16:12.0156 5732 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:16:12.0206 5732 IPBusEnum - ok
17:16:12.0230 5732 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:16:12.0266 5732 IpFilterDriver - ok
17:16:12.0296 5732 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:16:12.0336 5732 iphlpsvc - ok
17:16:12.0346 5732 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:16:12.0383 5732 IPMIDRV - ok
17:16:12.0408 5732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:16:12.0463 5732 IPNAT - ok
17:16:12.0582 5732 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:16:12.0605 5732 iPod Service - ok
17:16:12.0613 5732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:16:12.0632 5732 IRENUM - ok
17:16:12.0644 5732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:16:12.0658 5732 isapnp - ok
17:16:12.0686 5732 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:16:12.0702 5732 iScsiPrt - ok
17:16:12.0753 5732 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
17:16:12.0764 5732 ivusb - ok
17:16:12.0781 5732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:16:12.0795 5732 kbdclass - ok
17:16:12.0809 5732 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:16:12.0844 5732 kbdhid - ok
17:16:12.0865 5732 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:16:12.0881 5732 KeyIso - ok
17:16:12.0941 5732 KeyScrambler (e3cf421210ebddacb4590ae67a0226dc) C:\Windows\system32\drivers\keyscrambler.sys
17:16:12.0959 5732 KeyScrambler - ok
17:16:13.0021 5732 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
17:16:13.0038 5732 KL1 - ok
17:16:13.0097 5732 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
17:16:13.0108 5732 kl2 - ok
17:16:13.0181 5732 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
17:16:13.0202 5732 KLIF - ok
17:16:13.0208 5732 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
17:16:13.0220 5732 KLIM6 - ok
17:16:13.0230 5732 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
17:16:13.0242 5732 klmouflt - ok
17:16:13.0292 5732 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
17:16:13.0307 5732 KSecDD - ok
17:16:13.0464 5732 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
17:16:13.0479 5732 KSecPkg - ok
17:16:13.0493 5732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:16:13.0545 5732 ksthunk - ok
17:16:13.0591 5732 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:16:13.0653 5732 KtmRm - ok
17:16:13.0711 5732 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
17:16:13.0740 5732 LanmanServer - ok
17:16:13.0773 5732 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:16:13.0833 5732 LanmanWorkstation - ok
17:16:13.0870 5732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:16:13.0923 5732 lltdio - ok
17:16:13.0984 5732 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:16:14.0024 5732 lltdsvc - ok
17:16:14.0036 5732 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:16:14.0072 5732 lmhosts - ok
17:16:14.0091 5732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:16:14.0105 5732 LSI_FC - ok
17:16:14.0123 5732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:16:14.0138 5732 LSI_SAS - ok
17:16:14.0158 5732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:16:14.0172 5732 LSI_SAS2 - ok
17:16:14.0194 5732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:16:14.0208 5732 LSI_SCSI - ok
17:16:14.0224 5732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:16:14.0279 5732 luafv - ok
17:16:14.0315 5732 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
17:16:14.0332 5732 LVRS64 - ok
17:16:14.0584 5732 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
17:16:14.0666 5732 LVUVC64 - ok
17:16:14.0737 5732 lxdn_device - ok
17:16:14.0769 5732 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:16:14.0803 5732 Mcx2Svc - ok
17:16:14.0847 5732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:16:14.0863 5732 megasas - ok
17:16:14.0887 5732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:16:14.0904 5732 MegaSR - ok
17:16:14.0992 5732 Microsoft SharePoint Workspace Audit Service - ok
17:16:15.0031 5732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:16:15.0070 5732 MMCSS - ok
17:16:15.0086 5732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:16:15.0142 5732 Modem - ok
17:16:15.0169 5732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:16:15.0204 5732 monitor - ok
17:16:15.0224 5732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:16:15.0238 5732 mouclass - ok
17:16:15.0251 5732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:16:15.0286 5732 mouhid - ok
17:16:15.0324 5732 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:16:15.0338 5732 mountmgr - ok
17:16:15.0431 5732 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:16:15.0445 5732 MozillaMaintenance - ok
17:16:15.0467 5732 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:16:15.0482 5732 mpio - ok
17:16:15.0500 5732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:16:15.0536 5732 mpsdrv - ok
17:16:15.0586 5732 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
17:16:15.0647 5732 MpsSvc - ok
17:16:15.0687 5732 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:16:15.0723 5732 MRxDAV - ok
17:16:15.0775 5732 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:16:15.0832 5732 mrxsmb - ok
17:16:15.0861 5732 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:16:15.0878 5732 mrxsmb10 - ok
17:16:15.0930 5732 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:16:15.0964 5732 mrxsmb20 - ok
17:16:15.0987 5732 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:16:16.0006 5732 msahci - ok
17:16:16.0024 5732 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:16:16.0039 5732 msdsm - ok
17:16:16.0053 5732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:16:16.0085 5732 MSDTC - ok
17:16:16.0109 5732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:16:16.0145 5732 Msfs - ok
17:16:16.0152 5732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:16:16.0187 5732 mshidkmdf - ok
17:16:16.0196 5732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:16:16.0209 5732 msisadrv - ok
17:16:16.0298 5732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:16:16.0346 5732 MSiSCSI - ok
17:16:16.0350 5732 msiserver - ok
17:16:16.0374 5732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:16:16.0433 5732 MSKSSRV - ok
17:16:16.0472 5732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:16:16.0528 5732 MSPCLOCK - ok
17:16:16.0553 5732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:16:16.0607 5732 MSPQM - ok
17:16:16.0643 5732 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:16:16.0661 5732 MsRPC - ok
17:16:16.0713 5732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:16:16.0726 5732 mssmbios - ok
17:16:16.0764 5732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:16:16.0826 5732 MSTEE - ok
17:16:16.0848 5732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:16:16.0886 5732 MTConfig - ok
17:16:16.0922 5732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:16:16.0936 5732 Mup - ok
17:16:16.0981 5732 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:16:17.0041 5732 napagent - ok
17:16:17.0090 5732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:16:17.0127 5732 NativeWifiP - ok
17:16:17.0207 5732 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:16:17.0233 5732 NDIS - ok
17:16:17.0252 5732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:16:17.0287 5732 NdisCap - ok
17:16:17.0309 5732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:16:17.0366 5732 NdisTapi - ok
17:16:17.0392 5732 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:16:17.0441 5732 Ndisuio - ok
17:16:17.0482 5732 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:16:17.0518 5732 NdisWan - ok
17:16:17.0532 5732 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:16:17.0568 5732 NDProxy - ok
17:16:17.0623 5732 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
17:16:17.0630 5732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:16:17.0630 5732 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:16:17.0642 5732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:16:17.0712 5732 NetBIOS - ok
17:16:17.0746 5732 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:16:17.0797 5732 NetBT - ok
17:16:17.0835 5732 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:16:17.0850 5732 Netlogon - ok
17:16:17.0886 5732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:16:17.0925 5732 Netman - ok
17:16:17.0960 5732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:16:18.0016 5732 netprofm - ok
17:16:18.0089 5732 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:16:18.0102 5732 NetTcpPortSharing - ok
17:16:18.0117 5732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:16:18.0131 5732 nfrd960 - ok
17:16:18.0158 5732 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:16:18.0196 5732 NlaSvc - ok
17:16:18.0234 5732 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
17:16:18.0246 5732 NPF - ok
17:16:18.0264 5732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:16:18.0299 5732 Npfs - ok
17:16:18.0309 5732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:16:18.0364 5732 nsi - ok
17:16:18.0397 5732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:16:18.0433 5732 nsiproxy - ok
17:16:18.0600 5732 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:16:18.0639 5732 Ntfs - ok
17:16:18.0718 5732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:16:18.0752 5732 Null - ok
17:16:19.0540 5732 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:16:19.0751 5732 nvlddmkm - ok
17:16:19.0886 5732 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
17:16:19.0902 5732 nvoclk64 - ok
17:16:19.0928 5732 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:16:19.0943 5732 nvraid - ok
17:16:19.0966 5732 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:16:19.0981 5732 nvstor - ok
17:16:20.0063 5732 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
17:16:20.0088 5732 nvsvc - ok
17:16:20.0258 5732 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:16:20.0296 5732 nvUpdatusService - ok
17:16:20.0357 5732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:16:20.0378 5732 nv_agp - ok
17:16:20.0388 5732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:16:20.0421 5732 ohci1394 - ok
17:16:20.0503 5732 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:20.0516 5732 ose - ok
17:16:20.0833 5732 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:16:20.0913 5732 osppsvc - ok
17:16:20.0996 5732 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
17:16:21.0013 5732 ossrv - ok
17:16:21.0050 5732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:16:21.0110 5732 p2pimsvc - ok
17:16:21.0144 5732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:16:21.0163 5732 p2psvc - ok
17:16:21.0176 5732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:16:21.0191 5732 Parport - ok
17:16:21.0251 5732 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
17:16:21.0265 5732 partmgr - ok
17:16:21.0286 5732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:16:21.0335 5732 PcaSvc - ok
17:16:21.0364 5732 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:16:21.0379 5732 pci - ok
17:16:21.0387 5732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:16:21.0400 5732 pciide - ok
17:16:21.0426 5732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:16:21.0441 5732 pcmcia - ok
17:16:21.0447 5732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:16:21.0460 5732 pcw - ok
17:16:21.0502 5732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:16:21.0558 5732 PEAUTH - ok
17:16:21.0648 5732 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:16:21.0684 5732 PeerDistSvc - ok
17:16:21.0750 5732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:16:21.0765 5732 PerfHost - ok
17:16:21.0896 5732 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:16:21.0961 5732 pla - ok
17:16:22.0017 5732 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:16:22.0045 5732 PlugPlay - ok
17:16:22.0096 5732 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:16:22.0114 5732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:16:22.0114 5732 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:16:22.0149 5732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:16:22.0182 5732 PNRPAutoReg - ok
17:16:22.0217 5732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:16:22.0235 5732 PNRPsvc - ok
17:16:22.0297 5732 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:16:22.0358 5732 PolicyAgent - ok
17:16:22.0400 5732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:16:22.0457 5732 Power - ok
17:16:22.0517 5732 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:16:22.0553 5732 PptpMiniport - ok
17:16:22.0566 5732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:16:22.0597 5732 Processor - ok
17:16:22.0642 5732 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
17:16:22.0701 5732 ProfSvc - ok
17:16:22.0724 5732 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:16:22.0739 5732 ProtectedStorage - ok
17:16:22.0753 5732 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:16:22.0792 5732 Psched - ok
17:16:22.0877 5732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:16:22.0910 5732 ql2300 - ok
17:16:22.0985 5732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:16:23.0000 5732 ql40xx - ok
17:16:23.0036 5732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:16:23.0059 5732 QWAVE - ok
17:16:23.0074 5732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:16:23.0110 5732 QWAVEdrv - ok
17:16:23.0133 5732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:16:23.0168 5732 RasAcd - ok
17:16:23.0192 5732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:16:23.0228 5732 RasAgileVpn - ok
17:16:23.0239 5732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:16:23.0293 5732 RasAuto - ok
17:16:23.0324 5732 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:16:23.0380 5732 Rasl2tp - ok
17:16:23.0416 5732 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:16:23.0470 5732 RasMan - ok
17:16:23.0508 5732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:16:23.0566 5732 RasPppoe - ok
17:16:23.0649 5732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:16:23.0685 5732 RasSstp - ok
17:16:23.0709 5732 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:16:23.0766 5732 rdbss - ok
17:16:23.0788 5732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:16:23.0825 5732 rdpbus - ok
17:16:23.0850 5732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:16:23.0885 5732 RDPCDD - ok
17:16:23.0912 5732 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
17:16:23.0959 5732 RDPDR - ok
17:16:23.0967 5732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:16:24.0022 5732 RDPENCDD - ok
17:16:24.0044 5732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:16:24.0100 5732 RDPREFMP - ok
17:16:24.0159 5732 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
17:16:24.0218 5732 RDPWD - ok
17:16:24.0237 5732 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:16:24.0253 5732 rdyboost - ok
17:16:24.0283 5732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:16:24.0320 5732 RemoteAccess - ok
17:16:24.0344 5732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:16:24.0381 5732 RemoteRegistry - ok
17:16:24.0428 5732 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
17:16:24.0440 5732 Revoflt - ok
17:16:24.0503 5732 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
17:16:24.0515 5732 rpcapd - ok
17:16:24.0541 5732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:16:24.0597 5732 RpcEptMapper - ok
17:16:24.0641 5732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:16:24.0657 5732 RpcLocator - ok
17:16:24.0693 5732 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:16:24.0733 5732 RpcSs - ok
17:16:24.0751 5732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:16:24.0801 5732 rspndr - ok
17:16:24.0837 5732 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:16:24.0852 5732 RTL8167 - ok
17:16:24.0877 5732 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
17:16:24.0941 5732 s3cap - ok
17:16:24.0965 5732 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:16:24.0980 5732 SamSs - ok
17:16:25.0040 5732 SbieDrv (1fc5d553f8ec9779702fb8264863e3a2) C:\Program Files\Sandboxie\SbieDrv.sys
17:16:25.0062 5732 SbieDrv - ok
17:16:25.0075 5732 SbieSvc (91d1ab66ecd2e7acc9096bbd212dd674) C:\Program Files\Sandboxie\SbieSvc.exe
17:16:25.0093 5732 SbieSvc - ok
17:16:25.0115 5732 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:16:25.0131 5732 sbp2port - ok
17:16:25.0134 5732 SBRE - ok
17:16:25.0162 5732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:16:25.0231 5732 SCardSvr - ok
17:16:25.0252 5732 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:16:25.0288 5732 scfilter - ok
17:16:25.0410 5732 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:16:25.0448 5732 Schedule - ok
17:16:25.0471 5732 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:16:25.0518 5732 SCPolicySvc - ok
17:16:25.0529 5732 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:16:25.0567 5732 SDRSVC - ok
17:16:25.0618 5732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:16:25.0674 5732 secdrv - ok
17:16:25.0707 5732 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:16:25.0764 5732 seclogon - ok
17:16:25.0787 5732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:16:25.0841 5732 SENS - ok
17:16:25.0846 5732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:16:25.0885 5732 SensrSvc - ok
17:16:25.0892 5732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:16:25.0925 5732 Serenum - ok
17:16:25.0949 5732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:16:25.0964 5732 Serial - ok
17:16:25.0980 5732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:16:26.0009 5732 sermouse - ok
17:16:26.0048 5732 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:16:26.0086 5732 SessionEnv - ok
17:16:26.0102 5732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:16:26.0142 5732 sffdisk - ok
17:16:26.0164 5732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:16:26.0182 5732 sffp_mmc - ok
17:16:26.0187 5732 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:16:26.0205 5732 sffp_sd - ok
17:16:26.0224 5732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:16:26.0255 5732 sfloppy - ok
17:16:26.0372 5732 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:16:26.0438 5732 SharedAccess - ok
17:16:26.0474 5732 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:16:26.0505 5732 ShellHWDetection - ok
17:16:26.0543 5732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:16:26.0557 5732 SiSRaid2 - ok
17:16:26.0632 5732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:16:26.0652 5732 SiSRaid4 - ok
17:16:26.0786 5732 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:16:26.0803 5732 SkypeUpdate - ok
17:16:26.0826 5732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:16:26.0873 5732 Smb - ok
17:16:26.0891 5732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:16:26.0907 5732 SNMPTRAP - ok
17:16:27.0000 5732 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
17:16:27.0014 5732 speedfan - ok
17:16:27.0024 5732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:16:27.0037 5732 spldr - ok
17:16:27.0116 5732 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:16:27.0137 5732 Spooler - ok
17:16:27.0321 5732 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:16:27.0372 5732 sppsvc - ok
17:16:27.0460 5732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:16:27.0519 5732 sppuinotify - ok
17:16:27.0614 5732 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:16:27.0677 5732 srv - ok
17:16:27.0742 5732 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:16:27.0776 5732 srv2 - ok
17:16:27.0824 5732 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:16:27.0840 5732 srvnet - ok
17:16:27.0855 5732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:16:27.0893 5732 SSDPSRV - ok
17:16:27.0904 5732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:16:27.0942 5732 SstpSvc - ok
17:16:27.0991 5732 Steam Client Service - ok
17:16:28.0121 5732 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:16:28.0138 5732 Stereo Service - ok
17:16:28.0164 5732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:16:28.0178 5732 stexstor - ok
17:16:28.0221 5732 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:16:28.0265 5732 stisvc - ok
17:16:28.0311 5732 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:16:28.0325 5732 storflt - ok
17:16:28.0340 5732 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:16:28.0372 5732 StorSvc - ok
17:16:28.0392 5732 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
17:16:28.0406 5732 storvsc - ok
17:16:28.0421 5732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:16:28.0434 5732 swenum - ok
17:16:28.0587 5732 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:16:28.0602 5732 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:16:28.0602 5732 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:16:28.0636 5732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:16:28.0697 5732 swprv - ok
17:16:28.0797 5732 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:16:28.0848 5732 SysMain - ok
17:16:28.0934 5732 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:16:28.0954 5732 TabletInputService - ok
17:16:28.0979 5732 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:16:29.0019 5732 TapiSrv - ok
17:16:29.0027 5732 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:16:29.0064 5732 TBS - ok
17:16:29.0212 5732 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
17:16:29.0251 5732 Tcpip - ok
17:16:29.0393 5732 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
17:16:29.0431 5732 TCPIP6 - ok
17:16:29.0492 5732 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:16:29.0529 5732 tcpipreg - ok
17:16:29.0544 5732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:16:29.0568 5732 TDPIPE - ok
17:16:29.0616 5732 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:16:29.0679 5732 TDTCP - ok
17:16:29.0696 5732 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:16:29.0745 5732 tdx - ok
17:16:29.0759 5732 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:16:29.0773 5732 TermDD - ok
17:16:29.0817 5732 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:16:29.0859 5732 TermService - ok
17:16:29.0874 5732 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:16:29.0911 5732 Themes - ok
17:16:29.0956 5732 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:16:29.0992 5732 THREADORDER - ok
17:16:30.0005 5732 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:16:30.0063 5732 TrkWks - ok
17:16:30.0109 5732 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:16:30.0151 5732 TrustedInstaller - ok
17:16:30.0175 5732 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:16:30.0210 5732 tssecsrv - ok
17:16:30.0227 5732 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:16:30.0294 5732 tunnel - ok
17:16:30.0319 5732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:16:30.0339 5732 uagp35 - ok
17:16:30.0371 5732 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:16:30.0408 5732 udfs - ok
17:16:30.0432 5732 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:16:30.0449 5732 UI0Detect - ok
17:16:30.0471 5732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:16:30.0485 5732 uliagpkx - ok
17:16:30.0507 5732 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:16:30.0522 5732 umbus - ok
17:16:30.0537 5732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:16:30.0574 5732 UmPass - ok
17:16:30.0611 5732 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
17:16:30.0648 5732 UmRdpService - ok
17:16:30.0766 5732 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:16:30.0792 5732 UMVPFSrv - ok
17:16:30.0818 5732 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:16:30.0879 5732 upnphost - ok
17:16:30.0928 5732 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:16:30.0967 5732 usbaudio - ok
17:16:31.0015 5732 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:16:31.0064 5732 usbccgp - ok
17:16:31.0087 5732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:16:31.0121 5732 usbcir - ok
17:16:31.0154 5732 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
17:16:31.0168 5732 usbehci - ok
17:16:31.0196 5732 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:16:31.0229 5732 usbhub - ok
17:16:31.0256 5732 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
17:16:31.0290 5732 usbohci - ok
17:16:31.0325 5732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:16:31.0345 5732 usbprint - ok
17:16:31.0395 5732 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:16:31.0430 5732 usbscan - ok
17:16:31.0481 5732 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:16:31.0523 5732 USBSTOR - ok
17:16:31.0550 5732 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:16:31.0564 5732 usbuhci - ok
17:16:31.0595 5732 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:16:31.0622 5732 usbvideo - ok
17:16:31.0649 5732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:16:31.0702 5732 UxSms - ok
17:16:31.0728 5732 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:16:31.0743 5732 VaultSvc - ok
17:16:31.0751 5732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:16:31.0765 5732 vdrvroot - ok
17:16:31.0797 5732 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:16:31.0832 5732 vds - ok
17:16:31.0865 5732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:16:31.0892 5732 vga - ok
17:16:31.0911 5732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:16:31.0961 5732 VgaSave - ok
17:16:32.0002 5732 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:16:32.0018 5732 vhdmp - ok
17:16:32.0036 5732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:16:32.0049 5732 viaide - ok
17:16:32.0086 5732 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
17:16:32.0101 5732 vmbus - ok
17:16:32.0116 5732 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:16:32.0152 5732 VMBusHID - ok
17:16:32.0188 5732 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:16:32.0202 5732 volmgr - ok
17:16:32.0229 5732 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:16:32.0247 5732 volmgrx - ok
17:16:32.0312 5732 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:16:32.0329 5732 volsnap - ok
17:16:32.0353 5732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:16:32.0368 5732 vsmraid - ok
17:16:32.0462 5732 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:16:32.0511 5732 VSS - ok
17:16:32.0605 5732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:16:32.0622 5732 vwifibus - ok
17:16:32.0648 5732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:16:32.0688 5732 W32Time - ok
17:16:32.0703 5732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:16:32.0718 5732 WacomPen - ok
17:16:32.0741 5732 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:16:32.0799 5732 WANARP - ok
17:16:32.0802 5732 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:16:32.0840 5732 Wanarpv6 - ok
17:16:32.0941 5732 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:16:32.0971 5732 WatAdminSvc - ok
17:16:33.0067 5732 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:16:33.0142 5732 wbengine - ok
17:16:33.0195 5732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:16:33.0217 5732 WbioSrvc - ok
17:16:33.0288 5732 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:16:33.0360 5732 wcncsvc - ok
17:16:33.0373 5732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:16:33.0394 5732 WcsPlugInService - ok
17:16:33.0426 5732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:16:33.0440 5732 Wd - ok
17:16:33.0481 5732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:16:33.0503 5732 Wdf01000 - ok
17:16:33.0520 5732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:16:33.0555 5732 WdiServiceHost - ok
17:16:33.0558 5732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:16:33.0579 5732 WdiSystemHost - ok
17:16:33.0643 5732 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:16:33.0709 5732 WebClient - ok
17:16:33.0731 5732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:16:33.0790 5732 Wecsvc - ok
17:16:33.0827 5732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:16:33.0885 5732 wercplsupport - ok
17:16:33.0909 5732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:16:33.0946 5732 WerSvc - ok
17:16:33.0963 5732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:16:33.0998 5732 WfpLwf - ok
17:16:34.0010 5732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:16:34.0024 5732 WIMMount - ok
17:16:34.0048 5732 WinDefend - ok
17:16:34.0054 5732 WinHttpAutoProxySvc - ok
17:16:34.0117 5732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:16:34.0154 5732 Winmgmt - ok
17:16:34.0251 5732 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\junior\Desktop\real temp\WinRing0x64.sys
17:16:34.0264 5732 WinRing0_1_2_0 - ok
17:16:34.0371 5732 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:16:34.0448 5732 WinRM - ok
17:16:34.0559 5732 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:16:34.0595 5732 WinUsb - ok
17:16:34.0678 5732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:16:34.0706 5732 Wlansvc - ok
17:16:34.0734 5732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:16:34.0749 5732 WmiAcpi - ok
17:16:34.0809 5732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:16:34.0843 5732 wmiApSrv - ok
17:16:34.0965 5732 WMPNetworkSvc - ok
17:16:34.0981 5732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:16:35.0066 5732 WPCSvc - ok
17:16:35.0081 5732 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:16:35.0231 5732 WPDBusEnum - ok
17:16:35.0355 5732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:16:35.0408 5732 ws2ifsl - ok
17:16:35.0500 5732 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
17:16:35.0548 5732 wscsvc - ok
17:16:35.0553 5732 WSearch - ok
17:16:35.0747 5732 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:16:35.0808 5732 wuauserv - ok
17:16:35.0901 5732 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:16:35.0963 5732 WudfPf - ok
17:16:35.0984 5732 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:16:36.0028 5732 WUDFRd - ok
17:16:36.0052 5732 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:16:36.0107 5732 wudfsvc - ok
17:16:36.0150 5732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:16:36.0199 5732 WwanSvc - ok
17:16:36.0237 5732 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:16:36.0504 5732 \Device\Harddisk0\DR0 - ok
17:16:36.0531 5732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:16:36.0603 5732 \Device\Harddisk1\DR1 - ok
17:16:36.0607 5732 Boot (0x1200) (46123b19e9200af599f20ece36e8f468) \Device\Harddisk0\DR0\Partition0
17:16:36.0609 5732 \Device\Harddisk0\DR0\Partition0 - ok
17:16:36.0637 5732 Boot (0x1200) (6a8a02b1cd288bcd181cbb01c275a4af) \Device\Harddisk0\DR0\Partition1
17:16:36.0639 5732 \Device\Harddisk0\DR0\Partition1 - ok
17:16:36.0642 5732 Boot (0x1200) (9e35123ad68671902f9ac4ee7d9b14f6) \Device\Harddisk1\DR1\Partition0
17:16:36.0644 5732 \Device\Harddisk1\DR1\Partition0 - ok
17:16:36.0645 5732 ============================================================
17:16:36.0645 5732 Scan finished
17:16:36.0645 5732 ============================================================
17:16:36.0656 4664 Detected object count: 11
17:16:36.0656 4664 Actual detected object count: 11
17:17:36.0188 4664 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0188 4664 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0190 4664 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0190 4664 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0191 4664 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0191 4664 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0192 4664 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0193 4664 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0194 4664 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0194 4664 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0195 4664 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0195 4664 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0196 4664 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0196 4664 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0198 4664 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0198 4664 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0199 4664 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0199 4664 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0200 4664 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0200 4664 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:36.0201 4664 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0201 4664 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswmbr log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 17:20:02
-----------------------------
17:20:02.598 OS Version: Windows x64 6.1.7600
17:20:02.598 Number of processors: 4 586 0xF0B
17:20:02.599 ComputerName: JUNIOR-PC UserName: junior
17:20:04.734 Initialize success
17:20:33.966 AVAST engine defs: 12080900
17:21:23.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:21:23.122 Disk 0 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
17:21:23.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-2
17:21:23.128 Disk 1 Vendor: WDC_WD1001FALS-75J7B0 05.00K05 Size: 953869MB BusType: 3
17:21:23.141 Disk 0 MBR read successfully
17:21:23.145 Disk 0 MBR scan
17:21:23.151 Disk 0 Windows 7 default MBR code
17:21:23.157 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:21:23.166 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 610378 MB offset 206848
17:21:23.192 Disk 0 scanning C:\Windows\system32\drivers
17:21:34.515 Service scanning
17:21:57.920 Modules scanning
17:21:57.927 Disk 0 trace - called modules:
17:21:58.266 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:21:58.270 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047b2060]
17:21:58.275 3 CLASSPNP.SYS[fffff8800206043f] -> nt!IofCallDriver -> [0xfffffa80045a7520]
17:21:58.279 5 ACPI.sys[fffff88000f55781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80045ae680]
17:22:00.434 AVAST engine scan C:\Windows
17:22:05.446 AVAST engine scan C:\Windows\system32
17:26:22.923 AVAST engine scan C:\Windows\system32\drivers
17:26:36.862 AVAST engine scan C:\Users\junior
17:52:14.999 AVAST engine scan C:\ProgramData
17:55:12.647 Scan finished successfully
18:02:58.305 Disk 0 MBR has been saved successfully to "C:\Users\junior\Desktop\MBR.dat"
18:02:58.310 The log file has been saved successfully to "C:\Users\junior\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 10 August 2012 - 12:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 yjr

Posted 10 August 2012 - 07:34 AM

Greetings




Gringo


It doesn't look like I am getting redirected in Mozilla but I am getting redirected from Chrome - e.g. when I type something random via Google searches

http://searchignited.com/?dn=allsafelist.com&fp=IfzHPkurQb6FwW%2F3HZ39nvZGpg4R9D3EZU8MgZOSrsyO06gTnUSu%2FU1rn8RlahaptyUuEpq7Ybmw4ROI5oMhng%3D%3D&prvtof=HbXmsLFFQ01eTilN37djiigh%2B4WcZ2qwckv4n6D%2BfGZTCo%2FdcZEXOf%2F7A%2FGlbJ1Zak8oZ9OvBU2AP2cXQaDjApnzig16RodAjVy6NqI4PyWAte8RwPzzWuj1dm%2Fpz%2Bp4&poru=IoS2XmK5liRu6uKvZCE%2Fa0Oia7jVwjnUx0LXKiqPyna8xZfAzkoaOHAFLVvgWuo0uxpKt5fyPfXoSaRINV8Fg1LNb1SnRLuaBmLzNCaU6H8%3D&cifr=1&

Something that crossed my mind when combofix was creating a restore point was that I was unable to complete any system restores a while back when I tried to address this issue.

The log below:

ComboFix 12-08-09.01 - junior 08/10/2012 7:40.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2648 [GMT -4:00]
Running from: c:\users\junior\Downloads\ComboFix.exe
Command switches used :: c:\users\junior\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\junior\AppData\Local\Temp\_MEI4722\_ctypes.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\_elementtree.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\_hashlib.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\_socket.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\_ssl.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\pyexpat.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\pysqlite2._sqlite.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\python26.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\pythoncom26.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\PyWinTypes26.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\select.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\unicodedata.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32api.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32com.shell.shell.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32crypt.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32event.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32file.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32inet.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32pdh.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\win32process.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\windows._cacheinvalidation.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._controls_.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._core_.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._gdi_.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._html2.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._misc_.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._windows_.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wx._wizard.pyd
c:\users\junior\AppData\Local\Temp\_MEI4722\wxbase293u_net_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\wxbase293u_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\wxmsw293u_adv_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\wxmsw293u_core_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\wxmsw293u_html_vc.dll
c:\users\junior\AppData\Local\Temp\_MEI4722\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 11:48 . 2012-08-10 11:48 -------- d-----w- c:\users\jeff\AppData\Local\temp
2012-08-10 11:48 . 2012-08-10 11:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-10 11:48 . 2012-08-10 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 12:19 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9618709E-9A5A-41AF-A2AC-3D04C5AB18C9}\mpengine.dll
2012-08-05 22:22 . 2012-08-05 22:22 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-08-02 17:39 . 2012-08-02 18:37 -------- d-----w- c:\users\junior\AppData\Roaming\Pamela
2012-08-02 17:39 . 2012-08-02 17:39 172544 ----a-w- c:\windows\SysWow64\RemoteControl.dll
2012-08-02 17:39 . 2012-08-02 17:39 -------- d-----w- c:\program files (x86)\Pamela
2012-07-31 01:44 . 2012-07-31 01:44 -------- d-----w- c:\users\Guest\AppData\Roaming\Foxit Software
2012-07-25 11:14 . 2012-07-25 11:16 -------- d-----w- c:\users\Guest\AppData\Local\adaware
2012-07-24 07:00 . 2012-08-10 11:51 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-24 07:00 . 2012-07-24 07:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-07-24 07:00 . 2012-07-24 07:00 615728 ----a-w- c:\windows\system32\drivers\klif.sys
2012-07-23 01:52 . 2012-07-24 06:49 -------- d-----w- C:\kleaner.tmp
2012-07-22 19:28 . 2012-07-22 19:28 -------- d-----w- c:\programdata\GFI Software
2012-07-22 00:48 . 2012-07-22 00:49 -------- d-----w- c:\users\junior\AppData\Roaming\Intelli-studio
2012-07-22 00:48 . 2012-07-22 00:48 -------- d-----w- c:\program files (x86)\Samsung
2012-07-21 05:46 . 2012-07-21 05:46 -------- d-----w- c:\users\junior\AppData\Local\adaware
2012-07-21 05:46 . 2012-08-10 11:28 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-21 05:44 . 2012-07-21 05:44 -------- d-----w- c:\users\junior\AppData\Local\Downloaded Installations
2012-07-18 00:00 . 2012-07-19 17:59 -------- d-----w- c:\users\junior\AppData\Roaming\NVIDIA
2012-07-17 23:53 . 2012-08-10 11:49 -------- d-----w- c:\programdata\NVIDIA
2012-07-17 23:53 . 2012-07-27 20:44 -------- d-----w- c:\users\UpdatusUser
2012-07-17 23:53 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-17 23:53 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-17 23:53 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-17 23:53 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-17 23:53 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-17 23:52 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-17 23:52 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-17 23:52 . 2012-07-17 23:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-17 23:33 . 2012-07-17 23:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-17 23:32 . 2012-07-17 23:32 -------- d-----w- c:\program files (x86)\Oracle
2012-07-17 23:31 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 23:29 . 2012-07-17 23:29 -------- d-----w- c:\programdata\McAfee
2012-07-17 19:41 . 2012-07-19 10:31 -------- d-----w- c:\users\junior\AppData\Roaming\Chief Architect Premier X3
2012-07-17 19:27 . 2012-07-17 19:27 -------- d-----w- c:\program files (x86)\Chief Architect
2012-07-17 18:47 . 2012-07-17 18:47 -------- d-----w- c:\programdata\Cadsoft
2012-07-17 18:46 . 2012-07-17 18:46 -------- d-----w- c:\program files (x86)\Common Files\Cadsoft
2012-07-17 18:46 . 2012-07-17 18:46 -------- d-----w- c:\program files (x86)\3D Home Architect
2012-07-17 18:46 . 2012-07-17 18:46 0 ----a-w- c:\windows\SysWow64\_r_a_p_.tmp
2012-07-15 13:22 . 2012-07-15 13:22 -------- d-----w- c:\users\Guest\AppData\Roaming\BitTorrent
2012-07-14 11:22 . 2012-07-14 11:22 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
2012-07-13 07:30 . 2012-07-13 07:30 -------- d-----w- c:\users\junior\AppData\Roaming\PDAppFlex
2012-07-13 07:24 . 2012-07-13 07:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-13 07:23 . 2012-07-13 07:24 -------- d-----w- c:\program files\Adobe
2012-07-13 07:17 . 2012-07-13 07:24 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-13 07:16 . 2012-07-13 07:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-13 07:00 . 2012-07-13 07:00 -------- d-----w- c:\users\junior\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-13 07:00 . 2012-07-13 07:00 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-07-13 07:00 . 2012-07-13 07:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 00:20 . 2012-04-16 12:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 00:20 . 2011-12-20 01:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:02 . 2012-01-03 06:02 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-12-21 03:15 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:02 . 2012-07-11 07:06 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-10 20:39 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-10 20:40 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-10 20:40 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-10 20:40 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-10 20:40 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-21 11:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:28 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 11:28 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 07:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 07:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 07:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 07:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 07:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 07:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 07:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38 . 2012-07-10 20:39 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-10 20:39 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-10 20:39 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-10 20:39 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-10 20:39 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-10 20:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-10 20:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-10 20:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-10 20:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-06-01 04:09 . 2012-06-01 04:09 53248 ----a-r- c:\users\junior\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-31 16:25 . 2011-12-19 03:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_20.00.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 12:41 . 2012-08-10 11:51 54616 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 11:51 40156 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-19 12:41 . 2012-08-10 11:51 19862 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-393138323-3341497379-3886798573-1000_UserData.bin
- 2012-08-09 19:57 . 2012-08-09 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 11:49 . 2012-08-10 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 11:49 . 2012-08-10 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 19:57 . 2012-08-09 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-09 19:56 481636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-10 11:48 481636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-08-09 16:55 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-08-09 20:12 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-12-19 22:55 . 2012-08-09 19:56 25849888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-393138323-3341497379-3886798573-1000-8192.dat
+ 2011-12-19 22:55 . 2012-08-10 11:48 25849888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-393138323-3341497379-3886798573-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\junior\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-12-24 941320]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
.
c:\users\junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Auto Shutdown.lnk - c:\program files (x86)\Auto Shutdown\AutoShutdown.exe [2012-1-1 468480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 250056]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-24 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-03-25 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 116648]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-03 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\junior\Desktop\real temp\WinRing0x64.sys [2008-07-27 14544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-21 279616]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 00:20]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 04:12]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 04:12]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393138323-3341497379-3886798573-1000Core.job
- c:\users\junior\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 05:26]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393138323-3341497379-3886798573-1000UA.job
- c:\users\junior\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 05:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={FA161AFD-D531-4889-B176-5B83A868CA22}&mid=ef81f8c01c4247d19f4ed156fae7c8bc-f2654e1f390ea64f86aa6976e0c98ae8f3f101eb&lang=en&ds=od011&pr=sa&d=2012-07-01 18:55&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.95.16.20 10.94.8.20
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\junior\AppData\Roaming\Mozilla\Firefox\Profiles\fzv9unaq.default-1341880650586\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
.
**************************************************************************
.
Completion time: 2012-08-10 07:56:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 11:56
ComboFix2.txt 2012-08-09 20:06
.
Pre-Run: 172,397,056,000 bytes free
Post-Run: 171,789,316,096 bytes free
.
- - End Of File - - 5D7A0C0BD1CC051E00C644AF84E45C34

#8 gringo_pr

Posted 10 August 2012 - 12:47 PM

Greetings


I want you to uninstall chrome and if asked about user data or settings then to remove that also


restart the computer and reinstall chrome - now check it out



gringo

#9 yjr

Posted 12 August 2012 - 02:26 PM


Hi gringo, I apologize for the late response.

Mozilla does have issues with redirecting. Not all my links are redirected. It happens randomly, so it just didn't happen the time I thought things were not being redirected but it just happened now. I uninstalled Chrome and was only asked to delete browsing data. I did. Reinstalling it still led to redirections happening once in a while.

Edit, so far after many clicks I haven't noticed a redirection via chrome (reinstalled again) will keep checking.

Edited by yjr, 12 August 2012 - 02:28 PM.


#10 gringo_pr


Posted 12 August 2012 - 02:37 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
BitTorrent
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 yjr


Posted 13 August 2012 - 08:01 AM


I can't say for certain if it's gone (as it happens certain times when I click a link, say a search result in Google). All the same, clicking around for a couple of minutes hasn't resulted in any redirections yet. Programs were uninstalled and Malwarebytes was run. Log below:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
junior :: JUNIOR-PC [administrator]

8/13/2012 12:06:16 AM
mbam-log-2012-08-13 (00-06-16).txt

Scan type: Full scan (A:\|C:\|D:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 576068
Time elapsed: 1 hour(s), 36 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:03 AM, on 8/13/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Users\junior\AppData\Local\Akamai\netsession_win.exe
C:\Users\junior\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Auto Shutdown\AutoShutdown.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\junior\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\junior\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\junior\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={FA161AFD-D531-4889-B176-5B83A868CA22}&mid=ef81f8c01c4247d19f4ed156fae7c8bc-f2654e1f390ea64f86aa6976e0c98ae8f3f101eb&lang=en&ds=od011&pr=sa&d=2012-07-01 18:55:39&v=11.1.0.12&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\junior\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-393138323-3341497379-3886798573-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-393138323-3341497379-3886798573-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - Startup: Auto Shutdown.lnk = C:\Program Files (x86)\Auto Shutdown\AutoShutdown.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdn_device - Unknown owner - C:\Windows\system32\lxdncoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16072 bytes

#12 gringo_pr


Posted 13 August 2012 - 04:46 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\junior\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-21-393138323-3341497379-3886798573-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-393138323-3341497379-3886798573-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#13 yjr


Posted 13 August 2012 - 08:48 PM


Hi,
I went through with the fix for hijackthis.

My results for scanning with ESET are below. PS "D" is an internal drive I use for storage.

C:\Users\junior\AppData\Local\{84A26AAD-CAE1-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\junior\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
D:\downloads 5.16.12\cnet2_AutoShutdown_exe.exe a variant of Win32/InstallCore.D application
D:\downloads 5.16.12\cnet2_DTLite4451-0236_exe.exe a variant of Win32/InstallCore.D application
D:\downloads 5.16.12\cnet_fk_zip.exe a variant of Win32/InstallCore.D application
D:\Rar form\Niend\NitroPDFPro6.0.1.8PortableByFM\Nitro PDF Pro 6.0.1.8 Portable\Nitro_PDF_Professional_6.0.1.8.exe Win32/HackTool.Patcher.A application
D:\Sort out files\to sort\Kingston contents\Usb recovery\freewarePrimoPDF.exe Win32/OpenCandy application
D:\Vista\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
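
The ESET export in the post above has a fixed shape (full path, an optional "a variant of" qualifier, the detection name, then "trojan" or "application"), so it can be triaged mechanically. The following is an added example, not part of the original post and not ESET's own tooling: the function names, the rule that strips a trailing variant suffix to get a family name, and the one extra unparseable line are assumptions made here.

```python
import re
from pathlib import PureWindowsPath

# Detections copied from the ESET export posted above (post #13).
ESET_REPORT = r"""
C:\Users\junior\AppData\Local\{84A26AAD-CAE1-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\junior\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
D:\downloads 5.16.12\cnet2_AutoShutdown_exe.exe a variant of Win32/InstallCore.D application
D:\downloads 5.16.12\cnet2_DTLite4451-0236_exe.exe a variant of Win32/InstallCore.D application
D:\downloads 5.16.12\cnet_fk_zip.exe a variant of Win32/InstallCore.D application
D:\Rar form\Niend\NitroPDFPro6.0.1.8PortableByFM\Nitro PDF Pro 6.0.1.8 Portable\Nitro_PDF_Professional_6.0.1.8.exe Win32/HackTool.Patcher.A application
D:\Sort out files\to sort\Kingston contents\Usb recovery\freewarePrimoPDF.exe Win32/OpenCandy application
D:\Vista\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
"""
# Constructed line (not from the thread) to show how unparseable input is handled.
ESET_REPORT += "Scan interrupted by user\n"

# Paths contain spaces, so the line is anchored at the end: the last token is
# the kind, the token before it is Platform/Family[.Variant], and everything
# in front of the optional qualifier is the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>trojan|application)$"
)
# Assumption: a trailing ".X" to ".XXXX" in capitals is the variant suffix.
VARIANT_RE = re.compile(r"\.[A-Z]{1,4}$")
GUID_DIR_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_report(text):
    """Return (detections, rejected_lines) for an ESET text export."""
    detections, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)  # keep it for manual review, never drop silently
            continue
        name = m.group("name")
        detections.append({
            "path": PureWindowsPath(m.group("path")),
            "name": name,
            "family": VARIANT_RE.sub("", name),
            "exact": m.group("qualifier") is None,  # False for "a variant of"
            "kind": m.group("kind"),
        })
    return detections, rejected


def removal_target(path):
    """A hit inside AppData\\Local\\{GUID}\\... is handled as the whole GUID folder."""
    parts = path.parts
    for i, part in enumerate(parts):
        under_local = [p.lower() for p in parts[max(i - 2, 0):i]] == ["appdata", "local"]
        if under_local and GUID_DIR_RE.match(part):
            return PureWindowsPath(*parts[: i + 1]), "directory"
    return path, "file"


def triage(detections):
    """Order the findings: trojan detections first, 'application' detections after."""
    plan = []
    for d in detections:
        target, target_type = removal_target(d["path"])
        plan.append({
            "priority": 1 if d["kind"] == "trojan" else 2,
            "family": d["family"],
            "exact": d["exact"],
            "target": str(target),
            "target_type": target_type,
            # Extension-style layout: <folder>\chrome\content\browser.xul
            "browser_overlay": d["path"].name.lower() == "browser.xul",
        })
    return sorted(plan, key=lambda e: (e["priority"], e["target"].lower()))


if __name__ == "__main__":
    found, skipped = parse_report(ESET_REPORT)
    for entry in triage(found):
        print(entry["priority"], entry["family"], entry["target_type"], entry["target"])
    for line in skipped:
        print("unparsed:", line)
```

The single priority-1 entry is the JS/Redirector hit in a `chrome\content\browser.xul` file, which is the finding that matches the redirect symptom reported in the thread; the rest are installers at rest in download folders.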

#14 gringo_pr


Posted 14 August 2012 - 12:41 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Remove the folder that holds the browser.xul flagged as JS/Redirector.NIQ
    rd /s /q "C:\Users\junior\AppData\Local\{84A26AAD-CAE1-11E1-8270-B8AC6F996F26}"
    rem Delete the files ESET reported as "application" detections
    del /f /s /q "C:\Users\junior\Downloads\OrbitDownloaderSetup.exe"
    del /f /s /q "D:\downloads 5.16.12\cnet2_AutoShutdown_exe.exe"
    del /f /s /q "D:\downloads 5.16.12\cnet2_DTLite4451-0236_exe.exe"
    del /f /s /q "D:\downloads 5.16.12\cnet_fk_zip.exe"
    del /f /s /q "D:\Rar form\Niend\NitroPDFPro6.0.1.8PortableByFM\Nitro PDF Pro 6.0.1.8 Portable\Nitro_PDF_Professional_6.0.1.8.exe"
    del /f /s /q "D:\Sort out files\to sort\Kingston contents\Usb recovery\freewarePrimoPDF.exe"
    del /f /s /q "D:\Vista\Downloads\CouponPrinter.exe"
    rem Delete this batch file once it has run
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 yjr

yjr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 16 August 2012 - 08:50 PM

Hello



Gringo


Hey Gringo, my apologies for not replying sooner. Things do feel a bit smoother but there was a bit of a redirect at some point. I was redirected to these two places:


http://click.gethotresults.com/ads-clicktrack/click/jump1.do?sid=rDmvOaE9u%2FDlgp9xlsTCz31ZxHjUE90rQnaNiE%2F3Z5sj5YN5IdCUmw%3D%3D&affiliate=46573&subid=178303-361-28356&rc=0&terms=Coleman%20Scott%20vs%20Kenichi%20Yumoto



http://medicalfinders.net/?id=87UQilvNPApdku7z-20Z5bSud7LqFKKY_t9s5BuYGnCq8tOSHRKfGaN4p-ci9xQs2pHa_xXoD5XjO3gaurmdEHXGaUWCc8aJ-SA6NPRID20SkXnk

However, it hasn't happened again (though I have not been on the computer much these past few days). I will surf more on the weekend and will look for any more issues.

Definitely appreciate all the help. And apologies once again for taking so long to get back

- edit I did go ahead and go through the removal process

Edited by yjr, 16 August 2012 - 08:50 PM.




