Win:32Malware-gen and Win:32 sirefef virus


#1 paris painter


Posted 12 August 2012 - 10:52 PM

hello there,
first off, thank you so much in advance. i've used bleeping computer's help with my husband's computer. i can't figure out how mine got infected but...
avast informs that Infected file is C:\Windows\Installer\{ba807076-9f20-119f-178d-ed2211f1031b}\U\ as Win:32Malware-gen / Win32:Trojan-gen and is blocking harmful websites. I was trying everything and nothing helped to stop this. i did a malwarebytes anti-malware scan and deleted 32 viruses. then an avast scan for another 7. then i found the list of logs to run before asking for help so here i am with logs in hand. the first is the malwarebytes log after the initial scan that eliminated the 32 and it is
MALWAREBYTES
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
linda :: LINDA-PC [administrator]

12/08/2012 13:32:07
mbam-log-2012-08-12 (13-32-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198836
Time elapsed: 18 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz39CF.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz588.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz7DEF.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz86ED.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz9622.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzC9D5.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzCD4C.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzDE27.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzE2A4.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzE7F.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzF9EF.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

then i did
OTL
OTL logfile created on: 12/08/2012 19:20:38 - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\linda\Desktop\scan logs and programs 08.2012
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,09 Mb Total Physical Memory | 193,36 Mb Available Physical Memory | 19,09% Memory free
1,99 Gb Paging File | 0,78 Gb Available in Paging File | 39,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 11,24 Gb Free Space | 5,11% Space Free | Partition Type: NTFS

Computer Name: LINDA-PC | User Name: linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 12:16:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\linda\Desktop\scan logs and programs 08.2012\OTL.exe
PRC - [2012/08/03 11:23:49 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/17 17:59:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/02 11:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 11:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2011/11/28 08:36:30 | 004,692,296 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2011/10/01 03:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 03:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/01 19:06:40 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 19:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/25 12:23:16 | 001,801,064 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 13:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 13:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/08/31 12:14:56 | 012,609,352 | ---- | M] () -- C:\Program Files\Video Web Camera\VideoWebCamera.exe
PRC - [2010/08/10 05:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 05:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/11 09:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
PRC - [2010/06/11 09:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
PRC - [2010/06/11 09:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
PRC - [2010/06/08 13:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 13:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/10/09 00:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/04 10:28:36 | 000,184,320 | ---- | M] (Ours Technology Inc.) -- C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 11:23:46 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/17 17:59:51 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 01:52:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/15 01:51:01 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/15 01:47:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 01:47:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/13 14:41:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll
MOD - [2012/05/13 02:52:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 02:49:11 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/13 02:48:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 02:47:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 02:46:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 02:46:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 02:44:31 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/26 15:47:33 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
MOD - [2011/08/26 05:05:31 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 16:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 16:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 09:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011/06/20 09:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011/06/20 07:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011/06/20 07:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011/06/20 07:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011/06/20 07:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011/06/01 19:11:18 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 19:10:46 | 000,011,016 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\fr-FR\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll
MOD - [2011/06/01 19:06:34 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 12:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 12:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/26 05:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011/05/26 05:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010/11/26 19:59:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/12 20:58:32 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/08/31 12:14:56 | 012,609,352 | ---- | M] () -- C:\Program Files\Video Web Camera\VideoWebCamera.exe
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/08/03 11:23:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 17:59:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/02 11:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 03:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 03:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/01 19:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/11/26 11:46:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 09:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/08 13:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 00:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\nxppkero.sys -- (wqalgitt)
DRV - [2012/08/12 13:30:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 12:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/10/01 03:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 03:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 03:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 03:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/24 05:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/07/15 17:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/17 02:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/102
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\linda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/13 01:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/05 08:03:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 17:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/18 15:20:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/05 08:03:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 17:59:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/18 15:20:48 | 000,000,000 | ---D | M]

[2011/11/02 04:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\mozilla\Extensions
[2012/07/17 11:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\linda\AppData\Roaming\mozilla\Firefox\Profiles\zwirutyp.default\extensions
[2012/07/17 11:37:57 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\linda\AppData\Roaming\mozilla\Firefox\Profiles\zwirutyp.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2012/07/15 14:47:46 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\linda\AppData\Roaming\mozilla\Firefox\Profiles\zwirutyp.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011/06/11 06:13:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\linda\AppData\Roaming\mozilla\Firefox\Profiles\zwirutyp.default\extensions\engine@conduit.com
[2011/12/19 12:39:20 | 000,000,933 | ---- | M] () -- C:\Users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\zwirutyp.default\searchplugins\conduit.xml
[2012/05/04 02:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/10/09 06:16:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/17 17:59:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/27 09:34:09 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/06/27 09:34:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/27 09:34:09 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/06/27 09:34:09 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/11/01 17:34:05 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/06/27 09:34:09 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/06/27 09:34:09 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - homepage: http://www.searchqu.com/102
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.searchqu.com/102
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\linda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Skype Click to Call = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: uTorrentBar_FR = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-102551191-1488360619-4100991086-1000\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [OMEA] C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe (Ours Technology Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKU\S-1-5-21-102551191-1488360619-4100991086-1000..\Run: [Facebook Update] C:\Users\linda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-102551191-1488360619-4100991086-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-102551191-1488360619-4100991086-1000..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-102551191-1488360619-4100991086-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C62D91-E5AB-4C8E-A99A-8F100A9665AC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 13:30:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/12 09:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/12 09:48:35 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\scan logs and programs 08.2012
[2012/08/10 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8A006D2EA018488050F875F020
[2012/07/23 18:17:59 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\{F1AB6148-31E3-4CB2-8459-084A49BBE696}
[2012/07/23 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\linda\AppData\Local\{060C0C2C-B791-41AB-BF30-96C2B2338685}
[2012/07/20 16:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series
[2012/07/20 16:37:17 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2012/07/20 16:36:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/07/20 16:33:52 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC5200L.dll
[2012/07/20 16:33:51 | 001,335,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC5200C.dll
[2012/07/20 16:33:51 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC5200I.dll
[2012/07/20 16:33:51 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC5200U.dll
[2012/07/20 16:33:50 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2012/07/20 16:33:37 | 000,290,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMAE.DLL
[2012/07/19 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\linda\Desktop\folk fest dossier 2012
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/12 19:44:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-102551191-1488360619-4100991086-1000UA.job
[2012/08/12 19:44:06 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-102551191-1488360619-4100991086-1000Core.job
[2012/08/12 19:28:01 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/08/12 19:22:02 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 19:15:10 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/12 19:13:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 19:13:34 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 18:53:05 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/08/12 18:52:47 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/12 18:52:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 18:51:55 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 13:30:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/03 11:23:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 11:23:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 13:38:42 | 001,986,842 | ---- | M] () -- C:\Users\linda\Desktop\pattie's soap.jpg
[2012/08/01 10:38:25 | 000,362,955 | ---- | M] () -- C:\Users\linda\Desktop\gregos.jpg
[2012/07/20 17:16:18 | 000,709,530 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/07/20 17:16:18 | 000,622,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/20 17:16:18 | 000,109,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/20 17:16:18 | 000,007,206 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[15 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 18:10:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012/08/01 13:38:39 | 001,986,842 | ---- | C] () -- C:\Users\linda\Desktop\pattie's soap.jpg
[2012/08/01 10:38:21 | 000,362,955 | ---- | C] () -- C:\Users\linda\Desktop\gregos.jpg
[2012/07/20 16:33:52 | 000,013,056 | ---- | C] () -- C:\Windows\System32\CNC1749D.TBL
[2012/07/08 18:20:07 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/01/11 06:40:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\@
[2012/01/11 06:40:24 | 000,002,048 | -HS- | C] () -- C:\Users\linda\AppData\Local\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\@
[2012/01/09 10:16:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/12/28 18:45:56 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat
[2011/12/26 11:44:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/03 06:58:05 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/12/02 18:30:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Funk Animals
[2011/12/02 18:30:58 | 000,000,268 | RH-- | C] () -- C:\Users\linda\AppData\Roaming\Fonts
[2011/12/02 18:30:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/02 18:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fruit
[2011/12/02 18:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\linda\AppData\Roaming\Font Book
[2011/12/02 18:30:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/02 18:30:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2011/12/02 18:30:56 | 000,000,268 | RH-- | C] () -- C:\Users\linda\AppData\Roaming\Folder Actions Handlers
[2011/12/02 18:30:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/02 06:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs
[2011/12/02 06:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\linda\AppData\Roaming\Nature Sounds
[2011/12/02 06:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011/12/02 06:27:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Overdrive
[2011/12/02 06:27:13 | 000,000,268 | RH-- | C] () -- C:\Users\linda\AppData\Roaming\NetServices
[2011/12/02 06:15:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/08/05 07:44:19 | 000,186,973 | ---- | C] () -- C:\Windows\hpoins51.dat
[2011/08/05 07:44:19 | 000,000,572 | ---- | C] () -- C:\Windows\hpomdl51.dat
[2011/07/27 11:21:54 | 000,161,313 | ---- | C] () -- C:\Users\linda\MIDDLE.jpg
[2011/06/23 15:44:57 | 000,019,968 | ---- | C] () -- C:\Users\linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 10:26:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/26 20:02:26 | 000,709,530 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2010/11/26 20:02:26 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2010/11/26 20:02:26 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2010/11/26 20:02:26 | 000,007,206 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2010/08/30 02:57:11 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2010/08/30 02:23:49 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010/08/30 02:23:49 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010/08/30 02:23:49 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/08/30 02:23:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010/08/30 02:23:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/08/30 02:23:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/08/30 02:23:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/08/30 02:23:49 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010/08/30 02:23:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/07/14 07:01:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/04 05:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 05:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/07/14 07:01:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: QMGR.DLL >
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=A302BBFF2A7278C0E239EE5D471D86A9 -- C:\Windows\System32\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/26 19:59:24 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\System32\fr-FR\services.exe.mui
[2010/11/26 19:59:24 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c56701d7a41cb39\services.exe.mui

< MD5 for: SERVICES.HTM >
[2012/01/22 06:45:35 | 000,000,497 | ---- | M] () MD5=1B56D9D09CBB58C2BE6FD84FE7563DEC -- C:\Users\linda\Documents\My Ewisoft Web\59 Rivoli\local\user\pages\services.htm
[2012/01/22 07:06:05 | 000,003,355 | ---- | M] () MD5=FBA5F1FF09DCDA97EEDFD9C04265942D -- C:\Users\linda\Documents\My Ewisoft Web\59 Rivoli\local\preview\pages\services.htm

< MD5 for: SERVICES.LNK >
[2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/26 19:59:19 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2010/11/26 19:59:19 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 13:14:34 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 13:14:04 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/07/14 07:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/07/14 07:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >


then
aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 23:30:47
-----------------------------
23:30:47.878 OS Version: Windows 6.1.7601 Service Pack 1
23:30:47.878 Number of processors: 2 586 0x1C0A
23:30:47.886 ComputerName: LINDA-PC UserName: linda
23:31:13.523 Initialize success
23:31:16.081 AVAST engine defs: 12081201
23:32:32.005 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:32:32.012 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
23:32:32.354 Disk 0 MBR read successfully
23:32:32.367 Disk 0 MBR scan
23:32:32.378 Disk 0 Windows 7 default MBR code
23:32:32.420 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
23:32:32.460 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
23:32:32.505 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225061 MB offset 27469824
23:32:32.889 Disk 0 scanning sectors +488394752
23:32:33.043 Disk 0 scanning C:\Windows\system32\drivers
23:33:07.276 Service scanning
23:34:25.885 Modules scanning
23:35:20.594 Disk 0 trace - called modules:
23:35:20.616 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
23:35:20.618 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860fb948]
23:35:20.619 3 CLASSPNP.SYS[86d9159e] -> nt!IofCallDriver -> [0x84655360]
23:35:20.621 5 ACPI.sys[866a43d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8461e028]
23:35:22.581 AVAST engine scan C:\Windows
23:35:28.229 AVAST engine scan C:\Windows\system32
23:41:45.592 AVAST engine scan C:\Windows\system32\drivers
23:42:10.134 AVAST engine scan C:\Users\linda
23:44:14.465 Disk 0 MBR has been saved successfully to "C:\Users\linda\Desktop\scan logs and programs 08.2012\MBR.dat"
23:44:14.502 The log file has been saved successfully to "C:\Users\linda\Desktop\scan logs and programs 08.2012\aswMBR log 2.txt"


the warnings are still coming up. i've deleted 100s from the avast virus chest. what next?
thank you!



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:02 PM

Posted 13 August 2012 - 04:00 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 paris painter

  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:02 PM

Posted 13 August 2012 - 02:46 PM

hi gringo
thanks for the quick reply. before getting your response last night, i tried one more thing, Roguekiller. that stopped the problem. i'm not sure if everything is fine. i ran another Malwarebytes Anti-Malware scan and it says that all is fine. the computer is running normally with no constant messages. i did run the security check as well. here are the logs for
1. Roguekiller
2. Security Check
3. Malwarebytes Anti-Malware
i did not run Combofix as i know it's very strong and if everything is really okay, i didn't want to change it. could you quickly glance through these logs and let me know if you think they are ok? thank you so so much! i will definitely be making a donation as soon as i'm sure my computer is safe for online banking.

1.ROGUEKILLER
RogueKiller V7.6.6 [10/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur: linda [Droits d'admin]
Mode: Suppression -- Date: 13/08/2012 00:27:08

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] trz11D7.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz11D7.tmp --> REMOVED
[Del.Parent][FILE] trz1774.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz1774.tmp --> REMOVED
[Del.Parent][FILE] trz18F4.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz18F4.tmp --> REMOVED
[Del.Parent][FILE] trz1A6B.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz1A6B.tmp --> REMOVED
[Del.Parent][FILE] trz399F.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz399F.tmp --> REMOVED
[Del.Parent][FILE] trz39D3.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz39D3.tmp --> REMOVED
[Del.Parent][FILE] trz4BF6.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz4BF6.tmp --> REMOVED
[Del.Parent][FILE] trz50E.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz50E.tmp --> REMOVED
[Del.Parent][FILE] trz50F.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz50F.tmp --> REMOVED
[Del.Parent][FILE] trz5490.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz5490.tmp --> REMOVED
[Del.Parent][FILE] trz7046.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz7046.tmp --> REMOVED
[Del.Parent][FILE] trz7784.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz7784.tmp --> REMOVED
[Del.Parent][FILE] trz77A4.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz77A4.tmp --> REMOVED
[Del.Parent][FILE] trz8A01.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz8A01.tmp --> REMOVED
[Del.Parent][FILE] trz90A1.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz90A1.tmp --> REMOVED
[Del.Parent][FILE] trz9A90.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz9A90.tmp --> REMOVED
[Del.Parent][FILE] trz9A92.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trz9A92.tmp --> REMOVED
[Del.Parent][FILE] trzA283.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzA283.tmp --> REMOVED
[Del.Parent][FILE] trzA8AB.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzA8AB.tmp --> REMOVED
[Del.Parent][FILE] trzB553.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzB553.tmp --> REMOVED
[Del.Parent][FILE] trzB6DB.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzB6DB.tmp --> REMOVED
[Del.Parent][FILE] trzB8C6.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzB8C6.tmp --> REMOVED
[Del.Parent][FILE] trzC121.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzC121.tmp --> REMOVED
[Del.Parent][FILE] trzC129.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzC129.tmp --> REMOVED
[Del.Parent][FILE] trzC9B0.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzC9B0.tmp --> REMOVED
[Del.Parent][FILE] trzC9D6.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzC9D6.tmp --> REMOVED
[Del.Parent][FILE] trzDE5E.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzDE5E.tmp --> REMOVED
[Del.Parent][FILE] trzEAB0.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzEAB0.tmp --> REMOVED
[Del.Parent][FILE] trzEAF0.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzEAF0.tmp --> REMOVED
[Del.Parent][FILE] trzEED.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzEED.tmp --> REMOVED
[Del.Parent][FILE] trzF3E3.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzF3E3.tmp --> REMOVED
[Del.Parent][FILE] trzFD1B.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzFD1B.tmp --> REMOVED
[Del.Parent][FILE] trzFF4E.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzFF4E.tmp --> REMOVED
[Del.Parent][FILE] trzFF7D.tmp : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U\trzFF7D.tmp --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] L : c:\windows\installer\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\linda\appdata\local\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\linda\appdata\local\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\linda\appdata\local\{2acbbc90-bc75-1687-3fae-cc766d7fbc66}\L --> REMOVED
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> REPLACED AT REBOOT (c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe)
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] d3058ab587efa5bb6d0e6b6792296351
[BSP] 7b24558a43d307a286391f9e256e19ca : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


2. SECURITY CHECK

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

3. MALWAREBYTE'S ANTIMALWARE
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
linda :: LINDA-PC [administrator]

13/08/2012 12:14:31
mbam-log-2012-08-13 (12-14-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199225
Time elapsed: 19 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

#4 gringo_pr


Posted 13 August 2012 - 03:12 PM

go ahead and run combofix for me



gringo

#5 paris painter


Posted 13 August 2012 - 05:13 PM

ComboFix 12-08-10.02 - linda 13/08/2012 17:16:23.1.2 - x86
Microsoft Windows 7 Édition Starter 6.1.7601.1.1252.33.1036.18.1013.328 [GMT -4:00]
Lancé depuis: c:\users\linda\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
c:\windows\system32\SETEFBA.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-13 au 2012-08-13 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-13 21:47 . 2012-08-13 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 13:56 . 2012-08-12 13:56 -------- d-----w- c:\program files\ESET
2012-08-10 17:17 . 2012-08-11 12:07 -------- d-----w- c:\programdata\036DFF8A006D2EA018488050F875F020
2012-07-20 20:37 . 2012-07-20 20:37 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-07-20 20:36 . 2012-07-20 20:36 -------- d--h--w- c:\programdata\CanonBJ
2012-07-20 20:36 . 2010-08-25 09:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL
2012-07-20 20:36 . 2010-08-25 09:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL
2012-07-20 20:33 . 2010-03-18 23:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll
2012-07-20 20:33 . 2010-03-18 21:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll
2012-07-20 20:33 . 2010-03-18 21:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll
2012-07-20 20:33 . 2010-03-18 21:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll
2012-07-20 20:33 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-07-20 20:33 . 2010-08-25 09:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 15:23 . 2012-03-29 21:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 15:23 . 2011-06-12 12:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 17:47 . 2012-08-02 17:47 0 ----a-w- c:\windows\system32\sho95C5.tmp
2012-07-30 13:30 . 2012-07-30 13:30 0 ----a-w- c:\windows\system32\shoD844.tmp
2012-07-18 06:39 . 2012-07-18 06:39 0 ----a-w- c:\windows\system32\sho28E2.tmp
2012-07-03 16:21 . 2011-06-10 14:41 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-24 08:31 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-06-10 14:41 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-06-10 14:41 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-06-10 14:41 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-06-10 14:41 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-06-10 14:41 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-06-10 14:41 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 02:51 . 2012-06-22 02:51 0 ----a-w- c:\windows\system32\shoD3F7.tmp
2012-06-15 21:10 . 2012-06-15 21:10 0 ----a-w- c:\windows\system32\sho4222.tmp
2012-06-12 02:40 . 2012-07-11 09:10 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-10 00:45 . 2012-06-10 00:45 0 ----a-w- c:\windows\system32\shoE006.tmp
2012-06-06 05:05 . 2012-07-11 07:22 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:22 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:21 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 01:55 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:55 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:54 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:54 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 01:55 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 01:55 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 01:54 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 01:53 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 01:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 07:22 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 07:22 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 07:22 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 07:22 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 07:22 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2011-06-10 14:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 23:24 . 2012-05-30 23:24 0 ----a-w- c:\windows\system32\sho2660.tmp
2012-05-28 00:09 . 2012-05-28 00:09 0 ----a-w- c:\windows\system32\sho170B.tmp
2012-05-27 00:17 . 2012-05-27 00:17 0 ----a-w- c:\windows\system32\sho341D.tmp
2012-07-17 21:59 . 2012-06-27 13:34 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\linda\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-11-28 4692296]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 1801064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-03 9398888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 715296]
"OMEA"="c:\program files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe" [2009-06-04 184320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-13 144608]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-22 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-17 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 wqalgitt;wqalgitt;c:\windows\System32\drivers\nxppkero.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 GREGService;GREGService;c:\program files\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:23]
.
2012-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-102551191-1488360619-4100991086-1000Core.job
- c:\users\linda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 17:39]
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-102551191-1488360619-4100991086-1000UA.job
- c:\users\linda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-28 17:39]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-09 10:16]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-09 10:16]
.
2012-08-13 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-01-09 14:27]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.searchqu.com/102
mStart Page = hxxp://packardbell.msn.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\zwirutyp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-102551191-1488360619-4100991086-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-102551191-1488360619-4100991086-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Heure de fin: 2012-08-13 18:06:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-08-13 22:06
.
Avant-CF: 12 057 075 712 octets libres
Après-CF: 15 583 014 912 octets libres
.
- - End Of File - - 88C6605F4EF7991BD3A8080F8383918B

#6 paris painter


Posted 13 August 2012 - 05:37 PM

i just realized that windows defender was on. i didn't even know i had it. should i run it again with windows defender off?
also, it's in french. the computer is french so it must have just adapted itself because i downloaded it in english. sorry!

Edited by paris painter, 13 August 2012 - 05:39 PM.


#7 gringo_pr


Posted 13 August 2012 - 09:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 paris painter


Posted 14 August 2012 - 11:22 AM

02:41:11.0343 6996 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:41:12.0096 6996 ============================================================
02:41:12.0096 6996 Current date / time: 2012/08/14 02:41:12.0096
02:41:12.0096 6996 SystemInfo:
02:41:12.0097 6996
02:41:12.0097 6996 OS Version: 6.1.7601 ServicePack: 1.0
02:41:12.0097 6996 Product type: Workstation
02:41:12.0098 6996 ComputerName: LINDA-PC
02:41:12.0098 6996 UserName: linda
02:41:12.0098 6996 Windows directory: C:\Windows
02:41:12.0098 6996 System windows directory: C:\Windows
02:41:12.0099 6996 Processor architecture: Intel x86
02:41:12.0099 6996 Number of processors: 2
02:41:12.0099 6996 Page size: 0x1000
02:41:12.0099 6996 Boot type: Normal boot
02:41:12.0099 6996 ============================================================
02:41:15.0110 6996 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:41:15.0183 6996 ============================================================
02:41:15.0183 6996 \Device\Harddisk0\DR0:
02:41:15.0219 6996 MBR partitions:
02:41:15.0220 6996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
02:41:15.0220 6996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800
02:41:15.0220 6996 ============================================================
02:41:15.0854 6996 C: <-> \Device\Harddisk0\DR0\Partition1
02:41:15.0940 6996 ============================================================
02:41:15.0940 6996 Initialize success
02:41:15.0940 6996 ============================================================
02:41:22.0516 7024 ============================================================
02:41:22.0516 7024 Scan started
02:41:22.0516 7024 Mode: Manual;
02:41:22.0516 7024 ============================================================
02:41:40.0481 7024 Audiosrv - ok
02:41:40.0935 7024 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:41:40.0941 7024 avast! Antivirus - ok
02:41:40.0961 7024 avast! Firewall - ok
02:41:41.0223 7024 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
02:41:41.0231 7024 AxInstSV - ok
02:41:41.0515 7024 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
02:41:41.0529 7024 b06bdrv - ok
02:41:41.0568 7024 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:41:41.0585 7024 b57nd60x - ok
02:41:41.0630 7024 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
02:41:41.0635 7024 BDESVC - ok
02:41:41.0656 7024 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
02:41:41.0659 7024 Beep - ok
02:41:42.0770 7024 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
02:41:42.0795 7024 BFE - ok
02:41:43.0439 7024 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
02:41:43.0506 7024 BITS - ok
02:41:43.0544 7024 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
02:41:43.0548 7024 blbdrive - ok
02:41:43.0994 7024 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:41:44.0005 7024 Bonjour Service - ok
02:41:44.0061 7024 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
02:41:44.0100 7024 bowser - ok
02:41:44.0212 7024 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:41:44.0269 7024 BrFiltLo - ok
02:41:44.0300 7024 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:41:44.0305 7024 BrFiltUp - ok
02:41:44.0341 7024 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
02:41:44.0368 7024 BridgeMP - ok
02:41:44.0703 7024 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
02:41:44.0737 7024 Browser - ok
02:41:45.0850 7024 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
02:41:45.0863 7024 Brserid - ok
02:41:46.0019 7024 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
02:41:46.0071 7024 BrSerWdm - ok
02:41:46.0147 7024 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:41:46.0192 7024 BrUsbMdm - ok
02:41:46.0209 7024 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
02:41:46.0215 7024 BrUsbSer - ok
02:41:46.0247 7024 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
02:41:46.0251 7024 BTHMODEM - ok
02:41:46.0618 7024 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
02:41:46.0665 7024 bthserv - ok
02:41:48.0212 7024 catchme - ok
02:41:48.0270 7024 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
02:41:48.0293 7024 cdfs - ok
02:41:48.0760 7024 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
02:41:48.0804 7024 cdrom - ok
02:41:48.0934 7024 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
02:41:48.0944 7024 CertPropSvc - ok
02:41:49.0186 7024 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
02:41:49.0208 7024 circlass - ok
02:41:49.0757 7024 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
02:41:49.0792 7024 CLFS - ok
02:41:51.0172 7024 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:41:51.0189 7024 clr_optimization_v2.0.50727_32 - ok
02:41:51.0543 7024 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:41:51.0561 7024 clr_optimization_v4.0.30319_32 - ok
02:41:51.0588 7024 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
02:41:51.0596 7024 CmBatt - ok
02:41:51.0749 7024 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
02:41:51.0767 7024 cmdide - ok
02:41:52.0070 7024 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
02:41:52.0083 7024 CNG - ok
02:41:52.0226 7024 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
02:41:52.0232 7024 Compbatt - ok
02:41:52.0456 7024 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
02:41:52.0487 7024 CompositeBus - ok
02:41:52.0545 7024 COMSysApp - ok
02:41:52.0620 7024 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
02:41:52.0625 7024 crcdisk - ok
02:41:53.0844 7024 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
02:41:53.0859 7024 CryptSvc - ok
02:41:55.0492 7024 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:41:55.0604 7024 cvhsvc - ok
02:41:56.0938 7024 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:41:57.0019 7024 DcomLaunch - ok
02:41:57.0799 7024 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
02:41:57.0877 7024 defragsvc - ok
02:41:58.0059 7024 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
02:41:58.0074 7024 DfsC - ok
02:41:58.0263 7024 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
02:41:58.0276 7024 Dhcp - ok
02:41:58.0388 7024 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:41:58.0419 7024 discache - ok
02:41:58.0473 7024 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
02:41:58.0478 7024 Disk - ok
02:41:59.0183 7024 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
02:41:59.0194 7024 Dnscache - ok
02:41:59.0263 7024 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
02:41:59.0275 7024 dot3svc - ok
02:41:59.0547 7024 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
02:41:59.0580 7024 Dot4 - ok
02:41:59.0625 7024 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:41:59.0655 7024 Dot4Print - ok
02:41:59.0701 7024 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
02:41:59.0706 7024 dot4usb - ok
02:41:59.0781 7024 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
02:41:59.0790 7024 DPS - ok
02:41:59.0828 7024 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:41:59.0832 7024 drmkaud - ok
02:41:59.0970 7024 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files\Launch Manager\dsiwmis.exe
02:42:00.0005 7024 DsiWMIService - ok
02:42:00.0336 7024 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:42:00.0373 7024 DXGKrnl - ok
02:42:00.0441 7024 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
02:42:00.0456 7024 EapHost - ok
02:42:01.0991 7024 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:42:02.0094 7024 ebdrv - ok
02:42:02.0447 7024 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
02:42:02.0468 7024 EFS - ok
02:42:02.0811 7024 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:42:02.0846 7024 elxstor - ok
02:42:03.0272 7024 ePowerSvc (2609a5b13de9b2eeb38f3a83a406d079) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
02:42:03.0325 7024 ePowerSvc - ok
02:42:03.0432 7024 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:42:03.0453 7024 ErrDev - ok
02:42:03.0534 7024 EUCR (4fab8dfaf156e048ad514eabd268ab3a) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
02:42:03.0541 7024 EUCR - ok
02:42:03.0726 7024 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
02:42:03.0771 7024 EventSystem - ok
02:42:04.0651 7024 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:42:04.0661 7024 exfat - ok
02:42:04.0695 7024 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:42:04.0700 7024 fastfat - ok
02:42:04.0821 7024 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
02:42:04.0838 7024 Fax - ok
02:42:04.0896 7024 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:42:04.0901 7024 fdc - ok
02:42:04.0948 7024 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
02:42:04.0955 7024 fdPHost - ok
02:42:04.0982 7024 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
02:42:04.0991 7024 FDResPub - ok
02:42:05.0026 7024 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:42:05.0032 7024 FileInfo - ok
02:42:05.0151 7024 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:42:05.0156 7024 Filetrace - ok
02:42:05.0541 7024 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:42:05.0589 7024 FLEXnet Licensing Service - ok
02:42:05.0641 7024 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:42:05.0664 7024 flpydisk - ok
02:42:05.0830 7024 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:42:05.0841 7024 FltMgr - ok
02:42:06.0052 7024 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
02:42:06.0075 7024 FontCache - ok
02:42:06.0181 7024 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:42:06.0189 7024 FontCache3.0.0.0 - ok
02:42:06.0237 7024 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:42:06.0262 7024 FsDepends - ok
02:42:06.0450 7024 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
02:42:06.0458 7024 fssfltr - ok
02:42:07.0710 7024 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
02:42:07.0877 7024 fsssvc - ok
02:42:08.0516 7024 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
02:42:08.0519 7024 Fs_Rec - ok
02:42:08.0694 7024 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:42:08.0705 7024 fvevol - ok
02:42:08.0778 7024 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:42:08.0783 7024 gagp30kx - ok
02:42:09.0023 7024 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
02:42:09.0033 7024 GameConsoleService - ok
02:42:09.0099 7024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:42:09.0102 7024 GEARAspiWDM - ok
02:42:09.0356 7024 Giraffic - ok
02:42:10.0018 7024 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
02:42:10.0036 7024 gpsvc - ok
02:42:10.0185 7024 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files\Packard Bell\Registration\GREGsvc.exe
02:42:10.0189 7024 GREGService - ok
02:42:10.0508 7024 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:42:10.0515 7024 gupdate - ok
02:42:10.0550 7024 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:42:10.0553 7024 gupdatem - ok
02:42:10.0658 7024 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:42:10.0663 7024 hcw85cir - ok
02:42:10.0859 7024 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
02:42:10.0872 7024 HdAudAddService - ok
02:42:10.0922 7024 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
02:42:10.0943 7024 HDAudBus - ok
02:42:10.0977 7024 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:42:10.0982 7024 HidBatt - ok
02:42:11.0013 7024 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:42:11.0018 7024 HidBth - ok
02:42:11.0043 7024 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:42:11.0047 7024 HidIr - ok
02:42:11.0235 7024 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
02:42:11.0268 7024 hidserv - ok
02:42:11.0400 7024 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
02:42:11.0407 7024 HidUsb - ok
02:42:11.0582 7024 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
02:42:11.0601 7024 hkmsvc - ok
02:42:12.0701 7024 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
02:42:12.0718 7024 HomeGroupListener - ok
02:42:12.0958 7024 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
02:42:12.0978 7024 HomeGroupProvider - ok
02:42:13.0313 7024 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
02:42:13.0382 7024 hpqcxs08 - ok
02:42:13.0495 7024 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
02:42:13.0499 7024 hpqddsvc - ok
02:42:13.0763 7024 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:42:13.0768 7024 HpSAMD - ok
02:42:14.0015 7024 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:42:14.0052 7024 HTTP - ok
02:42:14.0146 7024 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:42:14.0159 7024 hwpolicy - ok
02:42:14.0246 7024 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:42:14.0252 7024 i8042prt - ok
02:42:14.0362 7024 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
02:42:14.0370 7024 iaStor - ok
02:42:14.0503 7024 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
02:42:14.0508 7024 IAStorDataMgrSvc - ok
02:42:14.0651 7024 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
02:42:14.0661 7024 iaStorV - ok
02:42:15.0488 7024 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:42:15.0533 7024 IDriverT - ok
02:42:16.0156 7024 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:42:16.0244 7024 idsvc - ok
02:42:17.0283 7024 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
02:42:17.0437 7024 igfx - ok
02:42:18.0402 7024 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:42:18.0407 7024 iirsp - ok
02:42:18.0525 7024 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
02:42:18.0549 7024 IKEEXT - ok
02:42:19.0179 7024 IntcAzAudAddService (8c92829ccae93139b90c46389fbef4cf) C:\Windows\system32\drivers\RTKVHDA.sys
02:42:19.0276 7024 IntcAzAudAddService - ok
02:42:19.0787 7024 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:42:19.0794 7024 intelide - ok
02:42:19.0850 7024 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:42:19.0854 7024 intelppm - ok
02:42:19.0919 7024 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
02:42:19.0931 7024 IPBusEnum - ok
02:42:19.0960 7024 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:42:19.0967 7024 IpFilterDriver - ok
02:42:20.0146 7024 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
02:42:20.0171 7024 iphlpsvc - ok
02:42:20.0294 7024 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:42:20.0299 7024 IPMIDRV - ok
02:42:20.0859 7024 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:42:20.0865 7024 IPNAT - ok
02:42:21.0048 7024 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
02:42:21.0065 7024 iPod Service - ok
02:42:21.0126 7024 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:42:21.0148 7024 IRENUM - ok
02:42:21.0237 7024 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:42:21.0242 7024 isapnp - ok
02:42:21.0449 7024 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:42:21.0458 7024 iScsiPrt - ok
02:42:21.0549 7024 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
02:42:21.0554 7024 kbdclass - ok
02:42:21.0663 7024 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
02:42:21.0667 7024 kbdhid - ok
02:42:21.0728 7024 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:42:21.0740 7024 KeyIso - ok
02:42:21.0858 7024 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
02:42:21.0877 7024 KSecDD - ok
02:42:21.0984 7024 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
02:42:21.0991 7024 KSecPkg - ok
02:42:22.0167 7024 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
02:42:22.0187 7024 KtmRm - ok
02:42:22.0228 7024 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys
02:42:22.0235 7024 L1C - ok
02:42:22.0345 7024 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
02:42:22.0367 7024 LanmanServer - ok
02:42:22.0441 7024 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
02:42:22.0548 7024 LanmanWorkstation - ok
02:42:22.0656 7024 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:42:22.0661 7024 lltdio - ok
02:42:22.0737 7024 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
02:42:22.0755 7024 lltdsvc - ok
02:42:22.0773 7024 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
02:42:22.0786 7024 lmhosts - ok
02:42:22.0833 7024 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:42:22.0839 7024 LSI_FC - ok
02:42:22.0869 7024 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:42:22.0874 7024 LSI_SAS - ok
02:42:22.0915 7024 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:42:22.0920 7024 LSI_SAS2 - ok
02:42:22.0939 7024 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:42:22.0945 7024 LSI_SCSI - ok
02:42:22.0974 7024 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:42:22.0980 7024 luafv - ok
02:42:23.0017 7024 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:42:23.0023 7024 megasas - ok
02:42:23.0087 7024 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:42:23.0097 7024 MegaSR - ok
02:42:23.0143 7024 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:42:23.0158 7024 MMCSS - ok
02:42:23.0772 7024 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:42:23.0776 7024 Modem - ok
02:42:23.0829 7024 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:42:23.0834 7024 monitor - ok
02:42:23.0953 7024 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
02:42:23.0958 7024 mouclass - ok
02:42:23.0993 7024 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:42:23.0999 7024 mouhid - ok
02:42:24.0090 7024 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:42:24.0108 7024 mountmgr - ok
02:42:24.0516 7024 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:42:24.0587 7024 MozillaMaintenance - ok
02:42:24.0704 7024 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:42:24.0725 7024 mpio - ok
02:42:24.0764 7024 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:42:24.0776 7024 mpsdrv - ok
02:42:25.0014 7024 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
02:42:25.0039 7024 MpsSvc - ok
02:42:25.0216 7024 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:42:25.0222 7024 MRxDAV - ok
02:42:25.0336 7024 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:42:25.0401 7024 mrxsmb - ok
02:42:25.0467 7024 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:42:25.0475 7024 mrxsmb10 - ok
02:42:25.0503 7024 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:42:25.0515 7024 mrxsmb20 - ok
02:42:25.0621 7024 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:42:25.0626 7024 msahci - ok
02:42:25.0746 7024 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:42:25.0752 7024 msdsm - ok
02:42:25.0800 7024 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
02:42:25.0816 7024 MSDTC - ok
02:42:25.0860 7024 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:42:25.0869 7024 Msfs - ok
02:42:25.0895 7024 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:42:25.0900 7024 mshidkmdf - ok
02:42:26.0482 7024 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:42:26.0510 7024 msisadrv - ok
02:42:26.0579 7024 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
02:42:26.0592 7024 MSiSCSI - ok
02:42:26.0606 7024 msiserver - ok
02:42:26.0646 7024 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:42:26.0651 7024 MSKSSRV - ok
02:42:26.0669 7024 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:42:26.0675 7024 MSPCLOCK - ok
02:42:26.0689 7024 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:42:26.0694 7024 MSPQM - ok
02:42:26.0729 7024 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:42:26.0736 7024 MsRPC - ok
02:42:26.0879 7024 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
02:42:26.0883 7024 mssmbios - ok
02:42:26.0897 7024 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:42:26.0902 7024 MSTEE - ok
02:42:26.0932 7024 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:42:26.0937 7024 MTConfig - ok
02:42:26.0964 7024 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:42:26.0971 7024 Mup - ok
02:42:27.0055 7024 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
02:42:27.0077 7024 napagent - ok
02:42:27.0360 7024 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:42:27.0370 7024 NativeWifiP - ok
02:42:27.0497 7024 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:42:27.0530 7024 NDIS - ok
02:42:27.0583 7024 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:42:27.0598 7024 NdisCap - ok
02:42:27.0642 7024 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:42:27.0647 7024 NdisTapi - ok
02:42:27.0749 7024 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:42:27.0755 7024 Ndisuio - ok
02:42:27.0826 7024 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:42:27.0833 7024 NdisWan - ok
02:42:27.0915 7024 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:42:27.0921 7024 NDProxy - ok
02:42:27.0993 7024 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\Windows\system32\HPZinw12.dll
02:42:28.0025 7024 Net Driver HPZ12 - ok
02:42:28.0091 7024 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:42:28.0096 7024 NetBIOS - ok
02:42:28.0200 7024 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:42:28.0213 7024 NetBT - ok
02:42:29.0049 7024 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:42:29.0060 7024 Netlogon - ok
02:42:29.0224 7024 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
02:42:29.0242 7024 Netman - ok
02:42:29.0327 7024 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
02:42:29.0362 7024 netprofm - ok
02:42:29.0553 7024 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:42:29.0558 7024 NetTcpPortSharing - ok
02:42:29.0597 7024 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:42:29.0602 7024 nfrd960 - ok
02:42:29.0671 7024 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
02:42:29.0696 7024 NlaSvc - ok
02:42:29.0721 7024 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:42:29.0726 7024 Npfs - ok
02:42:29.0768 7024 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
02:42:29.0782 7024 nsi - ok
02:42:29.0807 7024 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:42:29.0812 7024 nsiproxy - ok
02:42:29.0992 7024 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
02:42:30.0019 7024 Ntfs - ok
02:42:30.0057 7024 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:42:30.0062 7024 Null - ok
02:42:30.0129 7024 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
02:42:30.0135 7024 nvraid - ok
02:42:30.0175 7024 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
02:42:30.0182 7024 nvstor - ok
02:42:30.0339 7024 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:42:30.0345 7024 nv_agp - ok
02:42:30.0368 7024 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:42:30.0374 7024 ohci1394 - ok
02:42:30.0461 7024 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:42:30.0469 7024 ose - ok
02:42:31.0992 7024 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:42:32.0196 7024 osppsvc - ok
02:42:32.0609 7024 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:42:32.0650 7024 p2pimsvc - ok
02:42:32.0716 7024 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
02:42:32.0742 7024 p2psvc - ok
02:42:32.0926 7024 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:42:32.0940 7024 Parport - ok
02:42:33.0022 7024 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
02:42:33.0028 7024 partmgr - ok
02:42:33.0061 7024 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:42:33.0066 7024 Parvdm - ok
02:42:33.0119 7024 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
02:42:33.0137 7024 PcaSvc - ok
02:42:33.0204 7024 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:42:33.0211 7024 pci - ok
02:43:09.0105 7024 ============================================================
02:43:09.0105 7024 Scan finished
02:43:09.0105 7024 ============================================================
02:43:10.0177 4540 Detected object count: 0
02:43:10.0177 4540 Actual detected object count: 0
02:43:47.0751 7668 ============================================================
02:43:47.0751 7668 Scan started
02:43:47.0751 7668 Mode: Manual;
02:43:47.0751 7668 ============================================================
02:43:57.0646 7668 Dnscache - ok
02:43:57.0738 7668 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
02:43:57.0747 7668 dot3svc - ok
02:43:57.0833 7668 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
02:43:57.0837 7668 Dot4 - ok
02:43:57.0908 7668 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:43:57.0910 7668 Dot4Print - ok
02:43:57.0951 7668 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
02:43:57.0954 7668 dot4usb - ok
02:43:58.0031 7668 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
02:43:58.0039 7668 DPS - ok
02:43:58.0089 7668 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:43:58.0092 7668 drmkaud - ok
02:43:58.0744 7668 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files\Launch Manager\dsiwmis.exe
02:43:58.0750 7668 DsiWMIService - ok
02:43:58.0874 7668 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:43:58.0885 7668 DXGKrnl - ok
02:43:58.0946 7668 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
02:43:58.0954 7668 EapHost - ok
02:43:59.0230 7668 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:43:59.0281 7668 ebdrv - ok
02:43:59.0477 7668 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
02:43:59.0488 7668 EFS - ok
02:43:59.0583 7668 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:43:59.0591 7668 elxstor - ok
02:43:59.0740 7668 ePowerSvc (2609a5b13de9b2eeb38f3a83a406d079) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
02:43:59.0751 7668 ePowerSvc - ok
02:43:59.0863 7668 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:43:59.0865 7668 ErrDev - ok
02:44:00.0067 7668 EUCR (4fab8dfaf156e048ad514eabd268ab3a) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
02:44:00.0072 7668 EUCR - ok
02:44:00.0259 7668 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
02:44:00.0271 7668 EventSystem - ok
02:44:00.0320 7668 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:44:00.0328 7668 exfat - ok
02:44:00.0378 7668 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:44:00.0382 7668 fastfat - ok
02:44:00.0473 7668 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
02:44:00.0487 7668 Fax - ok
02:44:00.0522 7668 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:44:00.0525 7668 fdc - ok
02:44:00.0575 7668 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
02:44:00.0581 7668 fdPHost - ok
02:44:00.0610 7668 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
02:44:00.0629 7668 FDResPub - ok
02:44:00.0675 7668 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:44:00.0678 7668 FileInfo - ok
02:44:00.0731 7668 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:44:00.0733 7668 Filetrace - ok
02:44:01.0833 7668 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:44:01.0850 7668 FLEXnet Licensing Service - ok
02:44:01.0890 7668 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:44:01.0893 7668 flpydisk - ok
02:44:01.0950 7668 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:44:01.0955 7668 FltMgr - ok
02:44:02.0081 7668 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
02:44:02.0098 7668 FontCache - ok
02:44:02.0207 7668 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:44:02.0210 7668 FontCache3.0.0.0 - ok
02:44:02.0254 7668 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:44:02.0257 7668 FsDepends - ok
02:44:02.0332 7668 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
02:44:02.0335 7668 fssfltr - ok
02:44:02.0526 7668 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
02:44:02.0547 7668 fsssvc - ok
02:44:02.0721 7668 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
02:44:02.0723 7668 Fs_Rec - ok
02:44:02.0799 7668 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:44:02.0803 7668 fvevol - ok
02:44:02.0854 7668 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:44:02.0858 7668 gagp30kx - ok
02:44:02.0996 7668 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
02:44:03.0003 7668 GameConsoleService - ok
02:44:03.0070 7668 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:44:03.0073 7668 GEARAspiWDM - ok
02:44:03.0156 7668 Giraffic - ok
02:44:03.0288 7668 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
02:44:03.0311 7668 gpsvc - ok
02:44:03.0391 7668 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files\Packard Bell\Registration\GREGsvc.exe
02:44:03.0393 7668 GREGService - ok
02:44:04.0035 7668 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:44:04.0064 7668 gupdate - ok
02:44:04.0076 7668 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:44:04.0080 7668 gupdatem - ok
02:44:04.0154 7668 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:44:04.0157 7668 hcw85cir - ok
02:44:04.0289 7668 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
02:44:04.0297 7668 HdAudAddService - ok
02:44:04.0365 7668 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
02:44:04.0369 7668 HDAudBus - ok
02:44:04.0427 7668 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:44:04.0430 7668 HidBatt - ok
02:44:04.0475 7668 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:44:04.0478 7668 HidBth - ok
02:44:04.0503 7668 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:44:04.0506 7668 HidIr - ok
02:44:04.0573 7668 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
02:44:04.0581 7668 hidserv - ok
02:44:04.0698 7668 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
02:44:04.0701 7668 HidUsb - ok
02:44:04.0767 7668 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
02:44:04.0783 7668 hkmsvc - ok
02:44:04.0816 7668 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
02:44:04.0827 7668 HomeGroupListener - ok
02:44:04.0943 7668 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
02:44:04.0960 7668 HomeGroupProvider - ok
02:44:05.0286 7668 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
02:44:05.0293 7668 hpqcxs08 - ok
02:44:05.0441 7668 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
02:44:05.0447 7668 hpqddsvc - ok
02:44:05.0569 7668 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:44:05.0574 7668 HpSAMD - ok
02:44:05.0769 7668 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:44:05.0781 7668 HTTP - ok
02:44:05.0851 7668 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:44:05.0853 7668 hwpolicy - ok
02:44:05.0907 7668 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:44:05.0911 7668 i8042prt - ok
02:44:05.0986 7668 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
02:44:05.0992 7668 iaStor - ok
02:44:06.0601 7668 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
02:44:06.0606 7668 IAStorDataMgrSvc - ok
02:44:06.0684 7668 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
02:44:06.0693 7668 iaStorV - ok
02:44:06.0801 7668 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:44:06.0807 7668 IDriverT - ok
02:44:06.0961 7668 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:44:06.0984 7668 idsvc - ok
02:44:07.0398 7668 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
02:44:07.0452 7668 igfx - ok
02:44:07.0607 7668 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:44:07.0610 7668 iirsp - ok
02:44:07.0709 7668 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
02:44:07.0729 7668 IKEEXT - ok
02:44:07.0957 7668 IntcAzAudAddService (8c92829ccae93139b90c46389fbef4cf) C:\Windows\system32\drivers\RTKVHDA.sys
02:44:07.0997 7668 IntcAzAudAddService - ok
02:44:08.0182 7668 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:44:08.0185 7668 intelide - ok
02:44:08.0236 7668 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:44:08.0241 7668 intelppm - ok
02:44:08.0290 7668 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
02:44:08.0298 7668 IPBusEnum - ok
02:44:08.0322 7668 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:44:08.0325 7668 IpFilterDriver - ok
02:44:08.0397 7668 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
02:44:08.0412 7668 iphlpsvc - ok
02:44:08.0466 7668 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:44:08.0469 7668 IPMIDRV - ok
02:44:08.0496 7668 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:44:08.0500 7668 IPNAT - ok
02:44:08.0641 7668 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
02:44:08.0653 7668 iPod Service - ok
02:44:09.0077 7668 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:44:09.0081 7668 IRENUM - ok
02:44:09.0149 7668 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:44:09.0152 7668 isapnp - ok
02:44:09.0206 7668 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:44:09.0213 7668 iScsiPrt - ok
02:44:09.0244 7668 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
02:44:09.0249 7668 kbdclass - ok
02:44:09.0285 7668 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
02:44:09.0287 7668 kbdhid - ok
02:44:09.0335 7668 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:44:09.0344 7668 KeyIso - ok
02:44:09.0405 7668 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
02:44:09.0407 7668 KSecDD - ok
02:44:09.0460 7668 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
02:44:09.0463 7668 KSecPkg - ok
02:44:09.0526 7668 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
02:44:09.0538 7668 KtmRm - ok
02:44:09.0579 7668 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys
02:44:09.0582 7668 L1C - ok
02:44:09.0648 7668 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
02:44:09.0663 7668 LanmanServer - ok
02:44:09.0723 7668 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
02:44:09.0738 7668 LanmanWorkstation - ok
02:44:09.0784 7668 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:44:09.0787 7668 lltdio - ok
02:44:09.0833 7668 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
02:44:09.0843 7668 lltdsvc - ok
02:44:09.0868 7668 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
02:44:09.0876 7668 lmhosts - ok
02:44:09.0916 7668 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:44:09.0920 7668 LSI_FC - ok
02:44:09.0952 7668 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:44:09.0955 7668 LSI_SAS - ok
02:44:09.0986 7668 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:44:09.0988 7668 LSI_SAS2 - ok
02:44:10.0006 7668 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:44:10.0011 7668 LSI_SCSI - ok
02:44:10.0046 7668 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:44:10.0049 7668 luafv - ok
02:44:10.0089 7668 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:44:10.0091 7668 megasas - ok
02:44:10.0132 7668 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:44:10.0137 7668 MegaSR - ok
02:44:10.0181 7668 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:44:10.0192 7668 MMCSS - ok
02:44:10.0221 7668 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:44:10.0224 7668 Modem - ok
02:44:10.0245 7668 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:44:10.0247 7668 monitor - ok
02:44:10.0308 7668 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
02:44:10.0311 7668 mouclass - ok
02:44:10.0333 7668 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:44:10.0335 7668 mouhid - ok
02:44:10.0392 7668 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:44:10.0395 7668 mountmgr - ok
02:44:10.0482 7668 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:44:10.0489 7668 MozillaMaintenance - ok
02:44:10.0558 7668 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:44:10.0565 7668 mpio - ok
02:44:10.0605 7668 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:44:10.0609 7668 mpsdrv - ok
02:44:10.0706 7668 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
02:44:10.0727 7668 MpsSvc - ok
02:44:10.0789 7668 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:44:10.0794 7668 MRxDAV - ok
02:44:10.0855 7668 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:44:10.0859 7668 mrxsmb - ok
02:44:10.0927 7668 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:44:10.0932 7668 mrxsmb10 - ok
02:44:10.0964 7668 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:44:10.0967 7668 mrxsmb20 - ok
02:44:11.0023 7668 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:44:11.0025 7668 msahci - ok
02:44:11.0090 7668 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:44:11.0094 7668 msdsm - ok
02:44:11.0773 7668 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
02:44:11.0796 7668 MSDTC - ok
02:44:11.0842 7668 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:44:11.0845 7668 Msfs - ok
02:44:11.0867 7668 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:44:11.0869 7668 mshidkmdf - ok
02:44:11.0921 7668 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:44:11.0923 7668 msisadrv - ok
02:44:11.0962 7668 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
02:44:11.0970 7668 MSiSCSI - ok
02:44:11.0984 7668 msiserver - ok
02:44:12.0017 7668 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:44:12.0019 7668 MSKSSRV - ok
02:44:12.0040 7668 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:44:12.0042 7668 MSPCLOCK - ok
02:44:12.0055 7668 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:44:12.0058 7668 MSPQM - ok
02:44:12.0099 7668 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:44:12.0103 7668 MsRPC - ok
02:44:12.0129 7668 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
02:44:12.0132 7668 mssmbios - ok
02:44:12.0157 7668 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:44:12.0160 7668 MSTEE - ok
02:44:12.0182 7668 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:44:12.0185 7668 MTConfig - ok
02:44:12.0214 7668 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:44:12.0216 7668 Mup - ok
02:44:12.0289 7668 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
02:44:12.0305 7668 napagent - ok
02:44:12.0343 7668 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:44:12.0348 7668 NativeWifiP - ok
02:44:12.0410 7668 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:44:12.0422 7668 NDIS - ok
02:44:12.0455 7668 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:44:12.0457 7668 NdisCap - ok
02:44:12.0490 7668 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:44:12.0492 7668 NdisTapi - ok
02:44:12.0545 7668 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:44:12.0548 7668 Ndisuio - ok
02:44:12.0616 7668 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:44:12.0620 7668 NdisWan - ok
02:44:12.0675 7668 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:44:12.0678 7668 NDProxy - ok
02:44:12.0709 7668 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\Windows\system32\HPZinw12.dll
02:44:12.0715 7668 Net Driver HPZ12 - ok
02:44:12.0751 7668 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:44:12.0755 7668 NetBIOS - ok
02:44:12.0823 7668 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:44:12.0829 7668 NetBT - ok
02:44:12.0880 7668 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:44:12.0888 7668 Netlogon - ok
02:44:12.0943 7668 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
02:44:12.0957 7668 Netman - ok
02:44:12.0998 7668 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
02:44:13.0013 7668 netprofm - ok
02:44:13.0116 7668 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:44:13.0121 7668 NetTcpPortSharing - ok
02:44:13.0160 7668 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:44:13.0164 7668 nfrd960 - ok
02:44:13.0256 7668 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
02:44:13.0276 7668 NlaSvc - ok
02:44:13.0326 7668 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:44:13.0329 7668 Npfs - ok
02:44:13.0373 7668 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
02:44:13.0383 7668 nsi - ok
02:44:13.0401 7668 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:44:13.0406 7668 nsiproxy - ok
02:44:13.0540 7668 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
02:44:13.0558 7668 Ntfs - ok
02:44:13.0595 7668 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:44:13.0598 7668 Null - ok
02:44:13.0657 7668 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
02:44:13.0660 7668 nvraid - ok
02:44:13.0685 7668 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
02:44:13.0689 7668 nvstor - ok
02:44:13.0751 7668 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:44:13.0754 7668 nv_agp - ok
02:44:13.0785 7668 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:44:13.0789 7668 ohci1394 - ok
02:44:14.0323 7668 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:44:14.0334 7668 ose - ok
02:44:14.0651 7668 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:44:14.0730 7668 osppsvc - ok
02:44:14.0896 7668 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:44:14.0922 7668 p2pimsvc - ok
02:44:14.0968 7668 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
02:44:14.0982 7668 p2psvc - ok
02:44:15.0036 7668 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:44:15.0040 7668 Parport - ok
02:44:15.0098 7668 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
02:44:15.0101 7668 partmgr - ok
02:44:15.0122 7668 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:44:15.0124 7668 Parvdm - ok
02:44:15.0165 7668 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
02:44:15.0177 7668 PcaSvc - ok
02:44:15.0242 7668 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:44:15.0246 7668 pci - ok
02:44:15.0279 7668 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
02:44:15.0281 7668 pciide - ok
02:44:15.0322 7668 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
02:44:15.0326 7668 pcmcia - ok
02:44:15.0351 7668 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:44:15.0353 7668 pcw - ok
02:44:15.0416 7668 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:44:15.0425 7668 PEAUTH - ok
02:44:15.0604 7668 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
02:44:15.0646 7668 pla - ok
02:44:15.0812 7668 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
02:44:15.0833 7668 PlugPlay - ok
02:44:15.0888 7668 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\Windows\system32\HPZipm12.dll
02:44:15.0896 7668 Pml Driver HPZ12 - ok
02:44:15.0940 7668 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
02:44:15.0953 7668 PNRPAutoReg - ok
02:44:15.0992 7668 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:44:16.0005 7668 PNRPsvc - ok
02:44:16.0734 7668 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
02:44:16.0750 7668 PolicyAgent - ok
02:44:16.0826 7668 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
02:44:16.0840 7668 Power - ok
02:44:16.0900 7668 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:44:16.0903 7668 PptpMiniport - ok
02:44:16.0929 7668 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
02:44:16.0932 7668 Processor - ok
02:44:16.0999 7668 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
02:44:17.0012 7668 ProfSvc - ok
02:44:17.0069 7668 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:44:17.0077 7668 ProtectedStorage - ok
02:44:17.0124 7668 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:44:17.0128 7668 Psched - ok
02:44:17.0166 7668 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
02:44:17.0169 7668 PxHelp20 - ok
02:44:17.0290 7668 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
02:44:17.0311 7668 ql2300 - ok
02:44:17.0466 7668 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
02:44:17.0471 7668 ql40xx - ok
02:44:17.0534 7668 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
02:44:17.0556 7668 QWAVE - ok
02:44:17.0572 7668 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:44:17.0575 7668 QWAVEdrv - ok
02:44:17.0602 7668 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:44:17.0604 7668 RasAcd - ok
02:44:17.0640 7668 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:44:17.0642 7668 RasAgileVpn - ok
02:44:17.0667 7668 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
02:44:17.0682 7668 RasAuto - ok
02:44:17.0699 7668 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:44:17.0703 7668 Rasl2tp - ok
02:44:17.0769 7668 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
02:44:17.0783 7668 RasMan - ok
02:44:17.0811 7668 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:44:17.0815 7668 RasPppoe - ok
02:44:17.0833 7668 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:44:17.0837 7668 RasSstp - ok
02:44:17.0912 7668 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
02:44:17.0917 7668 rdbss - ok
02:44:17.0942 7668 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:44:17.0944 7668 rdpbus - ok
02:44:18.0009 7668 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:44:18.0011 7668 RDPCDD - ok
02:44:18.0056 7668 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:44:18.0058 7668 RDPENCDD - ok
02:44:18.0081 7668 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:44:18.0085 7668 RDPREFMP - ok
02:44:18.0154 7668 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
02:44:18.0158 7668 RDPWD - ok
02:44:18.0227 7668 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
02:44:18.0231 7668 rdyboost - ok
02:44:18.0275 7668 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
02:44:18.0285 7668 RemoteAccess - ok
02:44:18.0331 7668 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
02:44:18.0343 7668 RemoteRegistry - ok
02:44:18.0371 7668 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
02:44:18.0385 7668 RpcEptMapper - ok
02:44:18.0408 7668 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
02:44:18.0416 7668 RpcLocator - ok
02:44:18.0498 7668 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:44:18.0535 7668 RpcSs - ok
02:44:19.0212 7668 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
02:44:19.0217 7668 rspndr - ok
02:44:19.0280 7668 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:44:19.0294 7668 SamSs - ok
02:44:19.0365 7668 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
02:44:19.0370 7668 sbp2port - ok
02:44:19.0440 7668 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
02:44:19.0462 7668 SCardSvr - ok
02:44:19.0523 7668 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
02:44:19.0527 7668 scfilter - ok
02:44:19.0645 7668 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
02:44:19.0670 7668 Schedule - ok
02:44:38.0178 7668 ============================================================
02:44:38.0178 7668 Scan finished
02:44:38.0178 7668 ============================================================
02:44:38.0208 5220 Detected object count: 0
02:44:38.0208 5220 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 11:08:34
-----------------------------
11:08:34.070 OS Version: Windows 6.1.7601 Service Pack 1
11:08:34.071 Number of processors: 2 586 0x1C0A
11:08:34.075 ComputerName: LINDA-PC UserName: linda
11:08:37.655 Initialize success
11:08:39.470 AVAST engine defs: 12081400
11:16:38.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:16:38.142 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
11:16:38.187 Disk 0 MBR read successfully
11:16:38.195 Disk 0 MBR scan
11:16:38.205 Disk 0 Windows 7 default MBR code
11:16:38.239 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
11:16:38.268 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
11:16:38.291 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225061 MB offset 27469824
11:16:38.316 Disk 0 scanning sectors +488394752
11:16:38.738 Disk 0 scanning C:\Windows\system32\drivers
11:17:21.000 Service scanning
11:18:17.216 Modules scanning
11:18:57.393 Disk 0 trace - called modules:
11:18:57.502 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:18:57.517 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ef5030]
11:18:57.537 3 CLASSPNP.SYS[86d8459e] -> nt!IofCallDriver -> [0x84455908]
11:18:57.554 5 ACPI.sys[8669f3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8378f028]
11:18:58.789 AVAST engine scan C:\Windows
11:19:10.490 AVAST engine scan C:\Windows\system32
11:24:47.479 AVAST engine scan C:\Windows\system32\drivers
11:25:19.857 AVAST engine scan C:\Users\linda
11:58:37.752 AVAST engine scan C:\ProgramData
12:04:23.296 Scan finished successfully
12:08:37.812 Disk 0 MBR has been saved successfully to "C:\Users\linda\Desktop\scan logs and programs 08.2012\MBR.dat"
12:08:37.829 The log file has been saved successfully to "C:\Users\linda\Desktop\scan logs and programs 08.2012\aswMBR final.txt"


#9 gringo_pr

Posted 14 August 2012 - 03:17 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 paris painter


Posted 15 August 2012 - 05:49 AM

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 8.0
Adobe Reader 9.5.1 MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
B010
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bonjour
BookSmart® 3.2.2 3.2.2
BufferChm
Canon MG5200 series MP Drivers
Chuzzle Deluxe
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
ENE USB Card Reader Driver
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
Final Drive Nitro
Galerie de photos Windows Live
Google Chrome
Google Update Helper
GPBaseService2
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart 5510 series - Enquête sur l'amélioration du produit
HP Photosmart 5510 series Aide
HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
Identity Card
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 31
Jewel Quest
Jewel Quest - Heritage
Jewel Quest Solitaire 2
Junk Mail filter update
jZip
Launch Manager
Logiciel de base du périphérique HP Photosmart 5510 series
Memeo AutoSync
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Office « Démarrer en un clic » 2010
Microsoft Office 2010
Microsoft Office Starter 2010 - Français
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Mozilla Firefox 14.0.1 (x86 fr)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEF Codec
Nikon File Uploader 2
Nikon Message Center
Nikon Message Center 2
OpenOffice.org 3.3
Packard Bell Game Console
Packard Bell Games
Packard Bell InfoCentre
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Social Networks
Packard Bell Updater
Packard Bell XSync
Penguins!
Picture Control Utility
Plants vs. Zombies
Polar Bowler
PS_AIO_07_B010_SW_Min
QuickTime
Realtek High Definition Audio Driver
Scan
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veoh Giraffic Video Accelerator
Veoh Web Player
Video Web Camera
ViewNX 2
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
WebReg
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live FolderShare
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
Yahoo! Detect
Zuma's Revenge
Zuma Deluxe

#12 gringo_pr


Posted 15 August 2012 - 09:48 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1 MUI
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 paris painter


Posted 15 August 2012 - 12:52 PM

Hi Gringo,
Deleted the old acrobat reader and java files and downloaded the newest versions then did the CCleaner, etc. the only thing that is weird, that i caused myself, is when i was trying to get the extra log from combofix, i clicked on the combofix icon because i thought i had to start it before doing the windows key plus R. i was afraid to stop it so i let it go. it was supposed to make a log but just shut off the window. now my desktop screen is black. all the icons are there and working. it was never a screen that i could make wallpaper for and was just plain blue. it doesn't bother me but i hope i didn't mess something up.
everything seems to be fine. this computer runs slow normally because i've got too much stuff on it but it seems to be somewhat quicker. question: if i zipfile some photo files, for example, will that make them take up less space?
thanks,
linda

MBAM LOG
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
linda :: LINDA-PC [administrator]

15/08/2012 18:51:44
mbam-log-2012-08-15 (18-51-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197340
Time elapsed: 17 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HIJACK THIS

#14 gringo_pr


Posted 15 August 2012 - 01:00 PM

Greetings

question: if i zipfile some photo files, for example, will that make them take up less space? - I have never tried it, so I don't know how much space you would gain

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\linda\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
      O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

Edited by gringo_pr, 15 August 2012 - 01:01 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
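For anyone reviewing a startup list like the one in the post above, the O4 lines can be parsed into structured records. This is an added example, not part of the original post and not code from HijackThis; the function names, the sample selection and the "user-writable path" heuristic are assumptions made here.

```python
import re

# Constructed sample: a few of the O4 lines from the post above, as HijackThis prints them.
SAMPLE = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\linda\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
'''

REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
LNK_RE = re.compile(r'^O4 - (Global Startup|Startup): (.+?) = (.+)$')
QUOTED_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
BARE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)\s*(.*)$', re.I)
# Assumption: these path fragments mark locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")

def split_command(command):
    """Split an autorun command into (executable path, arguments)."""
    m = QUOTED_RE.match(command) or BARE_RE.match(command)
    return (m.group(1), m.group(2)) if m else (command, "")

def parse_o4(line):
    """Return a dict for one O4 line, or None if the line is not an O4 entry."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        source, name, command = f"{m.group(1)}\\{m.group(2)}", m.group(3), m.group(4)
    else:
        m = LNK_RE.match(line)
        if not m:
            return None
        source, name, command = m.groups()
    path, args = split_command(command.strip())
    writable = any(frag in path.lower() for frag in USER_WRITABLE)
    return {"source": source, "name": name, "path": path, "args": args, "user_writable": writable}

def review(text):
    """Parse every O4 line in a HijackThis log and return the entries in order."""
    return [e for e in map(parse_o4, text.splitlines()) if e]

if __name__ == "__main__":
    for e in review(SAMPLE):
        flag = "REVIEW" if e["user_writable"] else "ok"
        print(f'{flag:6} {e["source"]:15} {e["name"]:30} {e["path"]} {e["args"]}')
```

An entry flagged REVIEW launches from a directory the logged-in user can modify, so the file behind it can be replaced without administrator rights; the flag is a prompt to check the file, not a verdict.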

#15 paris painter

Posted 15 August 2012 - 06:29 PM

unfortunately, eset online scanner found 2 bad files:


C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application

