Infected with virus Win32/Sirefef.R


  • This topic is locked
19 replies to this topic

#1 Tin01

Posted 16 August 2012 - 01:31 AM

Hello there,

It seems that my computer has been infected with a virus. It was found by Microsoft Security Essentials, which was unable to remove it.

I followed the preparation guide and here is the DDS log for my computer:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_33
Run by Mytien at 22:51:02 on 2012-08-15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1021.216 [GMT -7:00]
.
.
============== Running Processes ===============

.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Mytien\AppData\Local\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\mytien\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PCHealthBoost] "c:\program files\pc healthboost\PCHealthBoost.exe" /s
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4E1ACCE9-090C-4494-BBCF-B9DDC55DEDB4} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{979CD1F5-DEFB-4C6A-A232-E75305CCB202} : DhcpNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mytien\appdata\roaming\mozilla\firefox\profiles\se8amekw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\mytien\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-7-24 21728]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-7-24 285152]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-7-24 699896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-14 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-24 250056]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-14 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-7-24 50704]
.
=============== Created Last 30 ================
.
2012-08-15 21:21:47 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48649a42-3585-4f14-843a-23d8c52aa363}\offreg.dll
2012-08-15 16:31:10 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d039eef6-cf89-425e-985c-a6cad0ca8ecc}\gapaengine.dll
2012-08-15 16:29:55 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48649a42-3585-4f14-843a-23d8c52aa363}\mpengine.dll
2012-08-15 10:02:24 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-08-15 01:16:19 -------- d-----w- c:\program files\Enigma Software Group
2012-08-15 01:13:31 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-15 01:12:58 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-08-14 23:35:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 23:35:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-08 22:49:27 382464 ----a-w- c:\windows\system32\qmgr.dll
2012-08-08 21:17:07 -------- d-----w- c:\programdata\RegCure
2012-08-08 19:56:03 -------- d-----w- c:\users\mytien\appdata\roaming\Malwarebytes
2012-08-08 19:55:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 22:20:53 -------- d-----w- c:\program files\Xilisoft
2012-08-06 21:31:49 -------- d-----w- c:\users\mytien\appdata\roaming\ImTOO
2012-08-06 21:01:25 -------- d-----w- c:\users\mytien\appdata\roaming\Xilisoft
2012-07-21 10:06:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-07-20 00:52:41 -------- d-----w- c:\users\mytien\appdata\local\LogiShrd
2012-07-20 00:48:17 -------- d-----w- c:\program files\common files\LWS
2012-07-18 23:17:10 -------- d-----w- c:\program files\iPod
2012-07-18 23:16:41 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-08-14 21:07:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:07:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-30 22:02:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 22:02:29 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-04 07:04:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 22:52:49.31 ===============





I have also tried to run GMER, but while it was running, the blue screen appeared and restarted my computer. I tried it again but the same thing happened. I am using Windows Vista Home Premium 32-bit.

Edit* I was able to successfully run the GMER scan in safe mode, and after it was done, it said there were no modifications and came back empty.

Any help will be appreciated. Thanks!!

Edited by Tin01, 16 August 2012 - 04:27 PM.



#2 Tin01

Posted 17 August 2012 - 06:00 PM

Here are the logs for the Farbar recovery scan.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 17-08-2012 15:43:43
Running from D:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-07-24] (Google)
HKLM\...\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent [5252936 2007-07-12] (SpareBackup, Inc.)
HKLM\...\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray [323216 2006-09-06] (Napster)
HKLM\...\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup [2348584 2006-11-16] (BigFix Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKU\Mytien\...\Run: [Google Update] "C:\Users\Mytien\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-24] (Google Inc.)
HKU\Mytien\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\Mytien\...\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)
HKU\Mytien\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)
HKU\Mytien\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-24] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-07-24] (Google)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [11736 2011-04-27] (Microsoft Corporation)
3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

========================== Drivers (Whitelisted) =============

3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
4 adpu160m; C:\Windows\system32\drivers\adpu160m.sys [98408 2006-11-02] (Adaptec, Inc.)
3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [44288 2005-09-07] (Sonic Solutions)
1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [24960 2005-09-07] (Sonic Solutions)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302492 2006-11-01] (Intel Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-01] (Intel® Corporation)
3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [14848 2006-11-02] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-17 15:43 - 2012-08-17 15:43 - 00000000 ____D C:\FRST
2012-08-17 02:02 - 2012-08-17 02:08 - 00000000 ____D C:\9c111a39e98bfba4475146fb8a
2012-08-16 12:30 - 2012-08-16 12:31 - 00143304 ____A C:\Windows\Minidump\Mini081612-01.dmp
2012-08-15 22:15 - 2012-08-15 22:15 - 00143304 ____A C:\Windows\Minidump\Mini081512-03.dmp
2012-08-15 22:11 - 2012-08-15 22:11 - 00143304 ____A C:\Windows\Minidump\Mini081512-02.dmp
2012-08-15 22:05 - 2012-08-15 22:05 - 00143304 ____A C:\Windows\Minidump\Mini081512-01.dmp
2012-08-15 22:02 - 2012-08-15 22:02 - 00000000 ____D C:\Users\Mytien\Desktop\gmer
2012-08-15 22:01 - 2012-08-15 22:01 - 00294216 ____A C:\Users\Mytien\Desktop\gmer.zip
2012-08-15 22:00 - 2012-08-15 22:00 - 00035230 ____A C:\Users\Mytien\Desktop\Attach.txt
2012-08-15 22:00 - 2012-08-15 22:00 - 00011655 ____A C:\Users\Mytien\Desktop\DDS.txt
2012-08-15 21:36 - 2012-08-15 21:36 - 00607260 ____R (Swearware) C:\Users\Mytien\Desktop\dds.com
2012-08-15 21:35 - 2012-08-15 21:36 - 00000474 ____A C:\Users\Mytien\Downloads\defogger_disable.log
2012-08-15 21:35 - 2012-08-15 21:35 - 00000000 ____A C:\Users\Mytien\defogger_reenable
2012-08-15 21:34 - 2012-08-15 21:34 - 00050477 ____A C:\Users\Mytien\Downloads\Defogger.exe
2012-08-14 18:55 - 2012-08-14 18:55 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-08-14 18:51 - 2012-08-17 14:06 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-14 18:51 - 2012-08-16 20:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-14 17:16 - 2012-08-14 17:16 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-14 17:13 - 2012-08-14 18:49 - 00000000 ____D C:\Windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-14 17:12 - 2012-08-14 17:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-08-14 15:36 - 2012-08-14 15:36 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 15:36 - 2012-08-14 15:36 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 15:35 - 2012-08-14 15:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-14 15:35 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-12 09:51 - 2012-08-12 09:51 - 00143304 ____A C:\Windows\Minidump\Mini081212-01.dmp
2012-08-08 15:54 - 2012-08-08 15:58 - 00002794 ____A C:\Windows\bitssetup.log
2012-08-08 14:49 - 2012-08-08 14:49 - 00382464 ____A (Microsoft Corporation) C:\Windows\System32\qmgr.dll
2012-08-08 14:40 - 2012-08-08 14:40 - 00000176 ____A C:\Users\Mytien\My Documents\BITS_fix.bat
2012-08-08 14:40 - 2012-08-08 14:40 - 00000176 ____A C:\Users\Mytien\Documents\BITS_fix.bat
2012-08-08 14:31 - 2012-08-08 14:34 - 00001136 ____A C:\Windows\BitsRepairTool.log
2012-08-08 13:17 - 2012-08-08 13:24 - 00000000 ____D C:\Users\All Users\RegCure
2012-08-08 13:17 - 2012-08-08 13:24 - 00000000 ____D C:\Users\All Users\Application Data\RegCure
2012-08-08 12:54 - 2012-08-08 16:26 - 01949696 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2012-08-08 12:54 - 2012-08-08 16:26 - 00114688 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2012-08-08 12:54 - 2012-08-08 16:26 - 00016384 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2012-08-08 11:56 - 2012-08-08 11:56 - 00000000 ____D C:\Users\Mytien\Application Data\Malwarebytes
2012-08-08 11:56 - 2012-08-08 11:56 - 00000000 ____D C:\Users\Mytien\AppData\Roaming\Malwarebytes
2012-08-08 11:55 - 2012-08-08 11:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-08 11:55 - 2012-08-08 11:55 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-08 11:54 - 2012-08-08 11:54 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mytien\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-06 14:20 - 2012-08-06 14:20 - 00000000 ____D C:\Program Files\Xilisoft
2012-08-06 14:10 - 2012-08-06 14:10 - 00013335 ____A C:\Users\Mytien\Downloads\3B0B0C9819BD0BD14523D753AC4EA77AC88AC521 (2).torrent
2012-08-06 14:07 - 2012-08-06 14:07 - 00013335 ____A C:\Users\Mytien\Downloads\3B0B0C9819BD0BD14523D753AC4EA77AC88AC521.torrent
2012-08-06 14:07 - 2012-08-06 14:07 - 00013335 ____A C:\Users\Mytien\Downloads\3B0B0C9819BD0BD14523D753AC4EA77AC88AC521 (1).torrent
2012-08-06 13:31 - 2012-08-06 13:31 - 00000000 ____D C:\Users\Mytien\Application Data\ImTOO
2012-08-06 13:31 - 2012-08-06 13:31 - 00000000 ____D C:\Users\Mytien\AppData\Roaming\ImTOO
2012-08-06 13:01 - 2012-08-06 14:21 - 00000000 ____D C:\Users\Mytien\Application Data\Xilisoft
2012-08-06 13:01 - 2012-08-06 14:21 - 00000000 ____D C:\Users\Mytien\AppData\Roaming\Xilisoft
2012-07-21 02:06 - 2012-07-21 02:06 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2012-07-19 16:58 - 2012-07-19 16:58 - 00000000 ____D C:\Users\All Users\LogiShrd
2012-07-19 16:58 - 2012-07-19 16:58 - 00000000 ____D C:\Users\All Users\Application Data\LogiShrd
2012-07-19 16:52 - 2012-08-06 17:05 - 00000000 ____D C:\Users\Mytien\Local Settings\LogiShrd
2012-07-19 16:52 - 2012-08-06 17:05 - 00000000 ____D C:\Users\Mytien\Local Settings\Application Data\LogiShrd
2012-07-19 16:52 - 2012-08-06 17:05 - 00000000 ____D C:\Users\Mytien\AppData\Local\LogiShrd
2012-07-19 16:49 - 2012-07-19 16:49 - 00000000 ____D C:\Users\Mytien\Application Data\Leadertech
2012-07-19 16:49 - 2012-07-19 16:49 - 00000000 ____D C:\Users\Mytien\AppData\Roaming\Leadertech
2012-07-19 16:48 - 2012-08-08 13:12 - 00000000 ____D C:\Program Files\Common Files\LWS
2012-07-19 16:48 - 2012-07-19 16:48 - 00000000 ____D C:\Users\All Users\Logitech
2012-07-19 16:48 - 2012-07-19 16:48 - 00000000 ____D C:\Users\All Users\Application Data\Logitech
2012-07-18 15:20 - 2012-07-18 15:20 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-18 15:20 - 2012-07-18 15:20 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-07-18 15:17 - 2012-07-18 15:17 - 00000000 ____D C:\Program Files\iPod
2012-07-18 15:16 - 2012-07-18 15:20 - 00000000 ____D C:\Program Files\iTunes
2012-07-18 13:05 - 2012-07-18 13:08 - 00000000 ____D C:\Program Files\QuickTime

============ 3 Months Modified Files ========================

2012-08-17 14:39 - 2006-11-02 05:01 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-17 14:39 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-17 14:06 - 2012-08-14 18:51 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-17 14:06 - 2012-06-24 19:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-17 13:55 - 2006-11-02 04:47 - 00003200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-17 13:55 - 2006-11-02 04:47 - 00003200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-17 13:47 - 2011-07-24 19:34 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333188505-3977121984-4017778250-1000UA.job
2012-08-17 10:18 - 2011-07-18 19:50 - 01513604 ____A C:\Windows\WindowsUpdate.log
2012-08-17 09:47 - 2011-07-24 19:34 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333188505-3977121984-4017778250-1000Core.job
2012-08-17 08:55 - 2011-09-11 02:02 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-08-17 02:08 - 2011-07-24 19:36 - 00002113 ____A C:\Windows\epplauncher.mif
2012-08-16 20:06 - 2012-08-14 18:51 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-16 13:35 - 2006-11-02 02:33 - 00716774 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-16 12:31 - 2012-08-16 12:30 - 00143304 ____A C:\Windows\Minidump\Mini081612-01.dmp
2012-08-16 12:30 - 2011-07-25 12:13 - 167943235 ____A C:\Windows\MEMORY.DMP
2012-08-16 02:06 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-15 22:15 - 2012-08-15 22:15 - 00143304 ____A C:\Windows\Minidump\Mini081512-03.dmp
2012-08-15 22:11 - 2012-08-15 22:11 - 00143304 ____A C:\Windows\Minidump\Mini081512-02.dmp
2012-08-15 22:05 - 2012-08-15 22:05 - 00143304 ____A C:\Windows\Minidump\Mini081512-01.dmp
2012-08-15 22:01 - 2012-08-15 22:01 - 00294216 ____A C:\Users\Mytien\Desktop\gmer.zip
2012-08-15 22:00 - 2012-08-15 22:00 - 00035230 ____A C:\Users\Mytien\Desktop\Attach.txt
2012-08-15 22:00 - 2012-08-15 22:00 - 00011655 ____A C:\Users\Mytien\Desktop\DDS.txt
2012-08-15 21:47 - 2011-07-18 20:59 - 00332740 ____A C:\Windows\PFRO.log
2012-08-15 21:36 - 2012-08-15 21:36 - 00607260 ____R (Swearware) C:\Users\Mytien\Desktop\dds.com
2012-08-15 21:36 - 2012-08-15 21:35 - 00000474 ____A C:\Users\Mytien\Downloads\defogger_disable.log
2012-08-15 21:35 - 2012-08-15 21:35 - 00000000 ____A C:\Users\Mytien\defogger_reenable
2012-08-15 21:34 - 2012-08-15 21:34 - 00050477 ____A C:\Users\Mytien\Downloads\Defogger.exe
2012-08-14 18:55 - 2012-08-14 18:55 - 00000049 ____A C:\Windows\NeroDigital.ini
2012-08-14 16:03 - 2011-07-24 19:35 - 00002047 ____A C:\Users\Mytien\Desktop\Google Chrome.lnk
2012-08-14 15:36 - 2012-08-14 15:36 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 15:36 - 2012-08-14 15:36 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 13:07 - 2012-06-24 19:19 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 13:07 - 2011-08-27 11:07 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-12 09:51 - 2012-08-12 09:51 - 00143304 ____A C:\Windows\Minidump\Mini081212-01.dmp
2012-08-08 16:26 - 2012-08-08 12:54 - 01949696 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2012-08-08 16:26 - 2012-08-08 12:54 - 00114688 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2012-08-08 16:26 - 2012-08-08 12:54 - 00016384 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2012-08-08 15:58 - 2012-08-08 15:54 - 00002794 ____A C:\Windows\bitssetup.log
2012-08-08 14:49 - 2012-08-08 14:49 - 00382464 ____A (Microsoft Corporation) C:\Windows\System32\qmgr.dll
2012-08-08 14:40 - 2012-08-08 14:40 - 00000176 ____A C:\Users\Mytien\My Documents\BITS_fix.bat
2012-08-08 14:40 - 2012-08-08 14:40 - 00000176 ____A C:\Users\Mytien\Documents\BITS_fix.bat
2012-08-08 14:34 - 2012-08-08 14:31 - 00001136 ____A C:\Windows\BitsRepairTool.log
2012-08-08 11:54 - 2012-08-08 11:54 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mytien\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-06 14:10 - 2012-08-06 14:10 - 00013335 ____A C:\Users\Mytien\Downloads\3B0B0C9819BD0BD14523D753AC4EA77AC88AC521 (2).torrent
2012-08-06 14:07 - 2012-08-06 14:07 - 00013335 ____A C:\Users\Mytien\Downloads\3B0B0C9819BD0BD14523D753AC4EA77AC88AC521.torrent
2012-08-06 14:07 - 2012-08-06 14:07 - 00013335 ____A C:\Users\Mytien\Downloads\3B0B0C9819BD0BD14523D753AC4EA77AC88AC521 (1).torrent
2012-08-06 14:01 - 2012-05-15 18:48 - 00000101 ____A C:\Users\Mytien\AppData\default.pls
2012-08-06 13:00 - 2011-07-19 15:02 - 00045056 ____A C:\Users\Mytien\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-06 13:00 - 2011-07-19 15:02 - 00045056 ____A C:\Users\Mytien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-06 13:00 - 2011-07-19 15:02 - 00045056 ____A C:\Users\Mytien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-19 16:36 - 2011-09-11 02:02 - 00007011 ____A C:\Windows\System32\lvcoinst.log
2012-07-18 15:20 - 2012-07-18 15:20 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-18 15:20 - 2012-07-18 15:20 - 00001664 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-07-05 11:14 - 2012-05-29 18:00 - 00000680 ____A C:\Users\Mytien\Local Settings\d3d9caps.dat
2012-07-05 11:14 - 2012-05-29 18:00 - 00000680 ____A C:\Users\Mytien\Local Settings\Application Data\d3d9caps.dat
2012-07-05 11:14 - 2012-05-29 18:00 - 00000680 ____A C:\Users\Mytien\AppData\Local\d3d9caps.dat
2012-07-03 12:46 - 2012-08-14 15:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 14:02 - 2012-06-30 14:02 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-30 14:02 - 2012-06-30 14:02 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-30 14:02 - 2012-06-30 14:02 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-30 14:02 - 2012-06-30 14:02 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-30 14:02 - 2011-10-22 12:11 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-06-22 22:03 - 2012-06-22 22:03 - 00143304 ____A C:\Windows\Minidump\Mini062212-01.dmp
2012-06-20 17:24 - 2011-09-07 21:03 - 00001078 ___AH C:\IPH.PH
2012-06-20 17:23 - 2011-09-07 21:04 - 00001696 ____A C:\Users\Public\Desktop\AIM.lnk
2012-06-20 17:23 - 2011-09-07 21:04 - 00001696 ____A C:\Users\All Users\Desktop\AIM.lnk
2012-06-20 17:20 - 2012-06-20 17:20 - 00143304 ____A C:\Windows\Minidump\Mini062012-01.dmp
2012-06-06 19:59 - 2012-06-06 19:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-06-06 17:29 - 2012-06-06 17:29 - 00143304 ____A C:\Windows\Minidump\Mini060612-01.dmp
2012-06-01 01:44 - 2012-06-01 01:44 - 00143304 ____A C:\Windows\Minidump\Mini060112-01.dmp


ZeroAccess:
C:\Windows\Installer\{b417603b-0908-e518-1ec5-69c03495cd60}
C:\Windows\Installer\{b417603b-0908-e518-1ec5-69c03495cd60}\@
C:\Windows\Installer\{b417603b-0908-e518-1ec5-69c03495cd60}\L
C:\Windows\Installer\{b417603b-0908-e518-1ec5-69c03495cd60}\U

ZeroAccess:
C:\Users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}
C:\Users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}\@
C:\Users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}\L
C:\Users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}\n
C:\Users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 1020.63 MB
Available physical RAM: 778.13 MB
Total Pagefile: 985.58 MB
Available Pagefile: 839.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.55 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:287.92 GB) (Free:204.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (UNTITLED) (Removable) (Total:3.72 GB) (Free:2.09 GB) FAT32
8 Drive r: (MS-RAMDRIVE) (Fixed) (Total:0.01 GB) (Free:0.01 GB) FAT
9 Drive x: (RECOVERY) (Fixed) (Total:10.17 GB) (Free:4.42 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1528 KB
Disk 1 Online 3822 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 10 GB 32 KB
Partition 2 Primary 288 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 X RECOVERY NTFS Partition 10 GB Healthy Boot

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3821 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 D UNTITLED FAT32 Removable 3821 MB Healthy

==================================================================================

Last Boot: 2012-08-16 13:38

======================= End Of Log ==========================



Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-17 15:44:59
Running from D:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\WINDOWS\System32\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2012-08-13 00:06] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

=== End Of Search ===

#3 gringo_pr


Posted 19 August 2012 - 01:44 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Tin01


Posted 19 August 2012 - 01:23 PM

Thanks for replying, Gringo!
My computer so far has been running normally, just like it has been, but I will probably need a day to see if MSE is still detecting the virus.
Here are the logs from the scans.

Security check:
Results of screen317's Security Check version 0.99.46
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 6.0 Firefox out of Date!
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


Combofix log:
ComboFix 12-08-18.03 - Mytien 08/19/2012 10:45:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1021.274 [GMT -7:00]
Running from: c:\users\Mytien\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}
c:\users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}\@
c:\users\Mytien\AppData\Local\{b417603b-0908-e518-1ec5-69c03495cd60}\n
c:\windows\Installer\{b417603b-0908-e518-1ec5-69c03495cd60}
c:\windows\Installer\{b417603b-0908-e518-1ec5-69c03495cd60}\@
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
H:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 17:14 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75EC0F58-5FF6-456C-A895-8B12E1FC8D8C}\gapaengine.dll
2012-08-19 17:08 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E80C2CDC-D616-4378-9504-424B97DE65E5}\mpengine.dll
2012-08-19 10:01 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-08-17 23:43 . 2012-08-17 23:43 -------- d-----w- C:\FRST
2012-08-15 01:16 . 2012-08-15 01:16 -------- d-----w- c:\program files\Enigma Software Group
2012-08-15 01:13 . 2012-08-15 02:49 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-15 01:12 . 2012-08-15 01:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-14 23:35 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 23:35 . 2012-08-14 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-08 22:49 . 2012-08-08 22:49 382464 ----a-w- c:\windows\system32\qmgr.dll
2012-08-08 21:17 . 2012-08-08 21:24 -------- d-----w- c:\programdata\RegCure
2012-08-08 19:56 . 2012-08-08 19:56 -------- d-----w- c:\users\Mytien\AppData\Roaming\Malwarebytes
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 22:20 . 2012-08-06 22:20 -------- d-----w- c:\program files\Xilisoft
2012-08-06 21:31 . 2012-08-06 21:31 -------- d-----w- c:\users\Mytien\AppData\Roaming\ImTOO
2012-08-06 21:01 . 2012-08-06 22:21 -------- d-----w- c:\users\Mytien\AppData\Roaming\Xilisoft
2012-07-21 10:06 . 2012-07-21 10:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:07 . 2012-06-25 03:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:07 . 2011-08-27 19:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-30 22:02 . 2012-06-30 22:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 22:02 . 2011-10-22 20:11 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 08:44 . 2011-07-26 04:17 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
2011-09-07 13:00 . 2011-08-14 04:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-08 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\System32\qmgr.dll
[7] 2011-07-26 . F1148566FA5173A4FD48AF8E8BC09401 . 750080 . . [7.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll
[7] 2011-07-26 . DA551697E34D2B9943C8B1C8EAFFE89A . 750080 . . [7.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[7] 2008-01-19 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[7] 2006-11-02 . 733FB484A06B9D6A44DD9CA1D3BE937B . 749568 . . [7.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-25 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-7-24 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 21:07]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-15 02:51]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-15 02:51]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333188505-3977121984-4017778250-1000Core.job
- c:\users\Mytien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 03:34]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333188505-3977121984-4017778250-1000UA.job
- c:\users\Mytien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 03:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Mytien\AppData\Roaming\Mozilla\Firefox\Profiles\se8amekw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-19 11:01
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-08-19 11:09:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 18:09
.
Pre-Run: 212,497,354,752 bytes free
Post-Run: 215,570,669,568 bytes free
.
- - End Of File - - 50B3C3ADC32CD0A8BBDA7FD30BADFE99

#5 gringo_pr


Posted 19 August 2012 - 01:58 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 Tin01


Posted 19 August 2012 - 03:25 PM

Here are the results.

tdsskiller log:
12:24:41.0014 3200 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:24:41.0496 3200 ============================================================
12:24:41.0496 3200 Current date / time: 2012/08/19 12:24:41.0496
12:24:41.0496 3200 SystemInfo:
12:24:41.0496 3200
12:24:41.0497 3200 OS Version: 6.0.6000 ServicePack: 0.0
12:24:41.0497 3200 Product type: Workstation
12:24:41.0497 3200 ComputerName: MYTIEN-PC
12:24:41.0497 3200 UserName: Mytien
12:24:41.0497 3200 Windows directory: C:\Windows
12:24:41.0497 3200 System windows directory: C:\Windows
12:24:41.0497 3200 Processor architecture: Intel x86
12:24:41.0497 3200 Number of processors: 2
12:24:41.0497 3200 Page size: 0x1000
12:24:41.0497 3200 Boot type: Normal boot
12:24:41.0497 3200 ============================================================
12:24:42.0298 3200 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:24:42.0312 3200 Drive \Device\Harddisk1\DR1 - Size: 0xEEDF8000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:24:42.0335 3200 ============================================================
12:24:42.0335 3200 \Device\Harddisk0\DR0:
12:24:42.0335 3200 MBR partitions:
12:24:42.0335 3200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1454A30
12:24:42.0335 3200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1454A6F, BlocksNum 0x23FD8C52
12:24:42.0335 3200 \Device\Harddisk1\DR1:
12:24:42.0336 3200 MBR partitions:
12:24:42.0336 3200 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x776A81
12:24:42.0336 3200 ============================================================
12:24:42.0372 3200 C: <-> \Device\Harddisk0\DR0\Partition2
12:24:42.0390 3200 H: <-> \Device\Harddisk0\DR0\Partition1
12:24:42.0390 3200 ============================================================
12:24:42.0390 3200 Initialize success
12:24:42.0390 3200 ============================================================
12:24:44.0858 3516 ============================================================
12:24:44.0858 3516 Scan started
12:24:44.0858 3516 Mode: Manual;
12:24:44.0858 3516 ============================================================
12:24:45.0506 3516 ================ Scan services =============================
12:24:45.0668 3516 [ 4b56caafed0b0b996341d74ce0e76565 ] ac97intc C:\Windows\system32\drivers\ac97intc.sys
12:24:45.0671 3516 ac97intc - ok
12:24:45.0703 3516 [ 84fc6df81212d16be5c4f441682feccc ] ACPI C:\Windows\system32\drivers\acpi.sys
12:24:45.0709 3516 ACPI - ok
12:24:45.0791 3516 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:24:45.0796 3516 AdobeFlashPlayerUpdateSvc - ok
12:24:45.0855 3516 [ 2edc5bbac6c651ece337bde8ed97c9fb ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:24:45.0872 3516 adp94xx - ok
12:24:45.0891 3516 [ b84088ca3cdca97da44a984c6ce1ccad ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:24:45.0898 3516 adpahci - ok
12:24:45.0912 3516 [ 7880c67bccc27c86fd05aa2afb5ea469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:24:45.0915 3516 adpu160m - ok
12:24:45.0931 3516 [ 9ae713f8e30efc2abccd84904333df4d ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:24:45.0934 3516 adpu320 - ok
12:24:46.0000 3516 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:24:46.0001 3516 AeLookupSvc - ok
12:24:46.0055 3516 [ 5d24caf8efd924a875698ff28384db8b ] AFD C:\Windows\system32\drivers\afd.sys
12:24:46.0060 3516 AFD - ok
12:24:46.0116 3516 [ ef23439cdd587f64c2c1b8825cead7d8 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:24:46.0118 3516 agp440 - ok
12:24:46.0163 3516 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:24:46.0166 3516 aic78xx - ok
12:24:46.0181 3516 [ e69fb0e3112c40fdc0ef7d21a52dc951 ] ALG C:\Windows\System32\alg.exe
12:24:46.0183 3516 ALG - ok
12:24:46.0205 3516 [ 90395b64600ebb4552e26e178c94b2e4 ] aliide C:\Windows\system32\drivers\aliide.sys
12:24:46.0206 3516 aliide - ok
12:24:46.0239 3516 [ 2b13e304c9dfdfa5eb582f6a149fa2c7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:24:46.0241 3516 amdagp - ok
12:24:46.0258 3516 [ 0577df1d323fe75a739c787893d300ea ] amdide C:\Windows\system32\drivers\amdide.sys
12:24:46.0259 3516 amdide - ok
12:24:46.0301 3516 [ dc487885bcef9f28eece6fac0e5ddfc5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
12:24:46.0303 3516 AmdK7 - ok
12:24:46.0353 3516 [ 0ca0071da4315b00fc1328ca86b425da ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:24:46.0369 3516 AmdK8 - ok
12:24:46.0387 3516 [ cfa455816879f06f1c4e5bbf9e8aef7d ] Appinfo C:\Windows\System32\appinfo.dll
12:24:46.0388 3516 Appinfo - ok
12:24:46.0482 3516 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:24:46.0485 3516 Apple Mobile Device - ok
12:24:46.0544 3516 [ 5f673180268bb1fdb69c99b6619fe379 ] arc C:\Windows\system32\drivers\arc.sys
12:24:46.0547 3516 arc - ok
12:24:46.0590 3516 [ 957f7540b5e7f602e44648c7de5a1c05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:24:46.0592 3516 arcsas - ok
12:24:46.0637 3516 [ e86cf7ce67d5de898f27ef884dc357d8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:24:46.0638 3516 AsyncMac - ok
12:24:46.0653 3516 [ b35cfcef838382ab6490b321c87edf17 ] atapi C:\Windows\system32\drivers\atapi.sys
12:24:46.0654 3516 atapi - ok
12:24:46.0691 3516 [ e760fc1bd68f7f6f1b17eb4e8d9480b0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:24:46.0695 3516 AudioEndpointBuilder - ok
12:24:46.0705 3516 [ e760fc1bd68f7f6f1b17eb4e8d9480b0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:24:46.0708 3516 Audiosrv - ok
12:24:46.0754 3516 [ 08015d34f6fdd0b355805bad978497c3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
12:24:46.0755 3516 bcm4sbxp - ok
12:24:46.0826 3516 [ 601259276b934f0c938bff4f558c5691 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
12:24:46.0850 3516 BCMH43XX - ok
12:24:46.0892 3516 [ ac3dd1708b22761ebd7cbe14dcc3b5d7 ] Beep C:\Windows\system32\drivers\Beep.sys
12:24:46.0893 3516 Beep - ok
12:24:46.0951 3516 [ 98ebdffb824a7c265337d68dd480e45c ] BFE C:\Windows\System32\bfe.dll
12:24:46.0957 3516 BFE - ok
12:24:47.0025 3516 [ 2c69ec7e5a311334d10dd95f338fccea ] BITS C:\Windows\system32\qmgr.dll
12:24:47.0042 3516 BITS - ok
12:24:47.0050 3516 blbdrive - ok
12:24:47.0117 3516 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:24:47.0133 3516 Bonjour Service - ok
12:24:47.0172 3516 [ 913cd06fbe9105ce6077e90fd4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:24:47.0174 3516 bowser - ok
12:24:47.0222 3516 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:24:47.0224 3516 BrFiltLo - ok
12:24:47.0242 3516 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:24:58.0611 3516 tunmp - ok
12:24:58.0634 3516 [ 4a39bda5e0fd30bdf4884f9d33ae6105 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:24:58.0636 3516 tunnel - ok
12:24:58.0669 3516 [ c3ade15414120033a36c0f293d4a4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:24:58.0685 3516 uagp35 - ok
12:24:58.0701 3516 [ 6348da98707ceda8a0dfb05820e17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:24:58.0701 3516 udfs - ok
12:24:58.0709 3516 [ 24a333f4f14dcfb6ff6d5a1b9e5d79dd ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:24:58.0713 3516 UI0Detect - ok
12:24:58.0744 3516 [ 75e6890ebfce0841d3291b02e7a8bdb0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:24:58.0747 3516 uliagpkx - ok
12:24:58.0766 3516 [ 3cd4ea35a6221b85dcc25daa46313f8d ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:24:58.0771 3516 uliahci - ok
12:24:58.0792 3516 [ 8514d0e5cd0534467c5fc61be94a569f ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:24:58.0795 3516 UlSata - ok
12:24:58.0814 3516 [ 38c3c6e62b157a6bc46594fada45c62b ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:24:58.0816 3516 ulsata2 - ok
12:24:58.0833 3516 [ 3fb78f1d1dd86d87bececd9dffa24dd9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:24:58.0835 3516 umbus - ok
12:24:58.0870 3516 [ 8b802b483cbde06f62dbc04dc7afaf8e ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
12:24:58.0878 3516 UMVPFSrv - ok
12:24:58.0910 3516 [ 8eb871a3deb6b3d5a85eb6ddfc390b59 ] upnphost C:\Windows\System32\upnphost.dll
12:24:58.0919 3516 upnphost - ok
12:24:58.0980 3516 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:24:58.0981 3516 USBAAPL - ok
12:24:59.0034 3516 [ f6bf998ae33e3fb6c7d27f0560f1173f ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:24:59.0036 3516 usbaudio - ok
12:24:59.0059 3516 [ 51480458e6e9863f856ebf35aae801b4 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:24:59.0061 3516 usbccgp - ok
12:24:59.0088 3516 [ e9476e6c486e76bc4898074768fb7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:24:59.0090 3516 usbcir - ok
12:24:59.0143 3516 [ 11fa3acbf0de0286829c69e01fe705e4 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:24:59.0144 3516 usbehci - ok
12:24:59.0172 3516 [ 6a7858a38b5105731e219e7c6a238730 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:24:59.0177 3516 usbhub - ok
12:24:59.0202 3516 [ 38dbc7dd6cc5a72011f187425384388b ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:24:59.0204 3516 usbohci - ok
12:24:59.0213 3516 [ b51e52acf758be00ef3a58ea452fe360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:24:59.0216 3516 usbprint - ok
12:24:59.0244 3516 [ 7887ce56934e7f104e98c975f47353c5 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:24:59.0246 3516 USBSTOR - ok
12:24:59.0258 3516 [ 4013315fed70a2d293b998cbba4022ee ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:24:59.0260 3516 usbuhci - ok
12:24:59.0315 3516 [ 0a6b81f01bc86399482e27e6fda7b33b ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:24:59.0319 3516 usbvideo - ok
12:24:59.0341 3516 [ db4721908daa0383ee82ffe430aebae1 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
12:24:59.0343 3516 usb_rndisx - ok
12:24:59.0374 3516 [ f79d0d7c9004474cb42746d9b2c30a2b ] UxSms C:\Windows\System32\uxsms.dll
12:24:59.0378 3516 UxSms - ok
12:24:59.0401 3516 [ c9d0bafee0d0a2681f048ca61bc0da96 ] vds C:\Windows\System32\vds.exe
12:24:59.0410 3516 vds - ok
12:24:59.0463 3516 [ 7d92be0028ecdedec74617009084b5ef ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:24:59.0465 3516 vga - ok
12:24:59.0480 3516 [ 17a8f877314e4067f8c8172cc6d9101c ] VgaSave C:\Windows\System32\drivers\vga.sys
12:24:59.0482 3516 VgaSave - ok
12:24:59.0499 3516 [ 045d9961e591cf0674a920b6ba3ba5cb ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:24:59.0501 3516 viaagp - ok
12:24:59.0521 3516 [ 56a4de5f02f2e88182b0981119b4dd98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:24:59.0523 3516 ViaC7 - ok
12:24:59.0532 3516 [ fd2e3175fcada350c7ab4521dca187ec ] viaide C:\Windows\system32\drivers\viaide.sys
12:24:59.0535 3516 viaide - ok
12:24:59.0550 3516 [ 103e84c95832d0ed93507997cc7b54e8 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:24:59.0552 3516 volmgr - ok
12:24:59.0571 3516 [ 294da8d3f965f6a8db934a83c7b461ff ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:24:59.0578 3516 volmgrx - ok
12:24:59.0602 3516 [ 80dc0c9bcb579ed9815001a4d37cbfd5 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:24:59.0607 3516 volsnap - ok
12:24:59.0629 3516 [ d984439746d42b30fc65a4c3546c6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:24:59.0632 3516 vsmraid - ok
12:24:59.0679 3516 [ e0e29d9ef2524abd11749c7c2fd7f607 ] VSS C:\Windows\system32\vssvc.exe
12:24:59.0729 3516 VSS - ok
12:24:59.0730 3516 [ 62b0d0f6f5580d9d0dfa5e0b466ff2ed ] W32Time C:\Windows\system32\w32time.dll
12:24:59.0736 3516 W32Time - ok
12:24:59.0763 3516 [ 48dfee8f1af7c8235d4e626f0c4fe031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:24:59.0764 3516 WacomPen - ok
12:24:59.0787 3516 [ 6798c1209a53b5a0ded8d437c45145ff ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:24:59.0789 3516 Wanarp - ok
12:24:59.0804 3516 [ 6798c1209a53b5a0ded8d437c45145ff ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:24:59.0805 3516 Wanarpv6 - ok
12:24:59.0836 3516 [ 3350874e51132ea86d153c1b566e261d ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
12:24:59.0842 3516 WcesComm - ok
12:24:59.0874 3516 [ c1b19162e0509ceab4cdf664e139d956 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:24:59.0881 3516 wcncsvc - ok
12:24:59.0901 3516 [ 11bcb7afcdd7aadacb5746f544d3a9c7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:24:59.0905 3516 WcsPlugInService - ok
12:24:59.0929 3516 [ afc5ad65b991c1e205cf25cfdbf7a6f4 ] Wd C:\Windows\system32\drivers\wd.sys
12:24:59.0930 3516 Wd - ok
12:24:59.0967 3516 [ 6d77ff2224d2d3984760acbdf4024a7b ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:24:59.0976 3516 Wdf01000 - ok
12:24:59.0990 3516 [ 2a424b89b14ef17a3d06bcb5a8f79601 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:24:59.0995 3516 WdiServiceHost - ok
12:25:00.0007 3516 [ 2a424b89b14ef17a3d06bcb5a8f79601 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:25:00.0010 3516 WdiSystemHost - ok
12:25:00.0032 3516 [ 01e41c264eedcb827820a1909162579f ] WebClient C:\Windows\System32\webclnt.dll
12:25:00.0050 3516 WebClient - ok
12:25:00.0079 3516 [ 9cf67ff7f8d34cbf115d0c278b9f74aa ] Wecsvc C:\Windows\system32\wecsvc.dll
12:25:00.0086 3516 Wecsvc - ok
12:25:00.0099 3516 [ b68cab45db1dab59d92acadfad6364a8 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:25:00.0108 3516 wercplsupport - ok
12:25:00.0123 3516 [ 36ba0707680ef4236fd752bee982cc25 ] WerSvc C:\Windows\System32\WerSvc.dll
12:25:00.0129 3516 WerSvc - ok
12:25:00.0160 3516 [ cf27edac75c87f2b776d9218f02f8301 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:25:00.0177 3516 winachsf - ok
12:25:00.0231 3516 [ 0d5ad0e71ff5ddac5dd2f443b499abd0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:25:00.0237 3516 WinDefend - ok
12:25:00.0246 3516 WinHttpAutoProxySvc - ok
12:25:00.0303 3516 [ 38a7b89de4e3417c122317949667fdd8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:25:00.0307 3516 Winmgmt - ok
12:25:00.0339 3516 [ 3f6823040030c3e4da1cf11cd40b7534 ] WinRM C:\Windows\system32\WsmSvc.dll
12:25:00.0357 3516 WinRM - ok
12:25:00.0388 3516 [ 7640acea41348bfef34b76e245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:25:00.0405 3516 Wlansvc - ok
12:25:00.0426 3516 [ 701a9f884a294327e9141d73746ee279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:25:00.0427 3516 WmiAcpi - ok
12:25:00.0462 3516 [ a279323bee5fffafda222910bce92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:25:00.0466 3516 wmiApSrv - ok
12:25:00.0524 3516 [ acb2e63d50157e3ea7140f29d9e76a48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:25:00.0549 3516 WMPNetworkSvc - ok
12:25:00.0583 3516 [ 3d3b3b80c12abe506f56930c46422c28 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:25:00.0590 3516 WPCSvc - ok
12:25:00.0598 3516 [ c24844a1d0d9528b19d5bc266b8cd572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:25:00.0603 3516 WPDBusEnum - ok
12:25:00.0625 3516 [ 2d27171b16a577ef14c1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:25:00.0627 3516 WpdUsb - ok
12:25:00.0653 3516 [ 84620aecdcfd2a7a14e6263927d8c0ed ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:25:00.0654 3516 ws2ifsl - ok
12:25:00.0670 3516 [ f97cbb919af6d0a6643d1a59c15014d1 ] wscsvc C:\Windows\system32\wscsvc.dll
12:25:00.0675 3516 wscsvc - ok
12:25:00.0683 3516 WSearch - ok
12:25:00.0763 3516 [ d0697918519a4cf059c2c7e3b9e93a53 ] WSWNA3100 C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
12:25:00.0763 3516 WSWNA3100 - ok
12:25:00.0879 3516 [ 6298277b73c77fa99106b271a7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
12:25:00.0929 3516 wuauserv - ok
12:25:00.0987 3516 [ a2aafcc8a204736296d937c7c545b53f ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:25:01.0007 3516 WUDFRd - ok
12:25:01.0071 3516 [ db5bf5aab72b1b99b5331231d09ebb26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:25:01.0098 3516 wudfsvc - ok
12:25:01.0150 3516 [ 5a7ff9a18ff6d7e0527fe3abf9204ef8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
12:25:01.0173 3516 XAudio - ok
12:25:01.0220 3516 [ 28dc5d626e036a75a572556f0a6eb1f6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
12:25:01.0232 3516 XAudioService - ok
12:25:01.0265 3516 ================ Scan global ===============================
12:25:01.0322 3516 (8cd98a8ec9cadaf4e051cdcac15c96c4) C:\Windows\system32\basesrv.dll
12:25:01.0369 3516 (e3f137adc0a9d7f3a2e4f557272fe6b3) C:\Windows\system32\winsrv.dll
12:25:01.0395 3516 (e3f137adc0a9d7f3a2e4f557272fe6b3) C:\Windows\system32\winsrv.dll
12:25:01.0421 3516 (329cf3c97ce4c19375c8abcabae258b0) C:\Windows\system32\services.exe
12:25:01.0438 3516 [Global] - ok
12:25:01.0438 3516 ================ Scan MBR ==================================
12:25:01.0455 3516 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:25:01.0640 3516 \Device\Harddisk0\DR0 - ok
12:25:01.0647 3516 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
12:25:01.0655 3516 \Device\Harddisk1\DR1 - ok
12:25:01.0658 3516 ================ Scan VBR ==================================
12:25:01.0661 3516 Boot (0x1200) (cc6b02fbd6916138bcd4f0d5d7b9a256) \Device\Harddisk0\DR0\Partition1
12:25:01.0663 3516 \Device\Harddisk0\DR0\Partition1 - ok
12:25:01.0693 3516 Boot (0x1200) (1f0bc9e263e784422453f4c576dfc035) \Device\Harddisk0\DR0\Partition2
12:25:01.0695 3516 \Device\Harddisk0\DR0\Partition2 - ok
12:25:01.0701 3516 Boot (0x1200) (4d96783a1ceca947ba1ea12a02b83970) \Device\Harddisk1\DR1\Partition1
12:25:01.0703 3516 \Device\Harddisk1\DR1\Partition1 - ok
12:25:01.0708 3516 ============================================================
12:25:01.0708 3516 Scan finished
12:25:01.0708 3516 ============================================================
12:25:01.0728 4016 Detected object count: 0
12:25:01.0728 4016 Actual detected object count: 0
12:25:51.0513 1636 ============================================================
12:25:51.0513 1636 Scan started
12:25:51.0513 1636 Mode: Manual;
12:25:51.0514 1636 ============================================================
12:25:51.0640 1636 ================ Scan services =============================
12:25:56.0301 1636 MpNWMon - ok
12:25:56.0331 1636 [ 6e7a7f0c1193ee5648443fe2d4b789ec ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:25:56.0332 1636 mpsdrv - ok
12:25:56.0356 1636 [ 563ed845885c6a7c09a7715d8bd0585c ] MpsSvc C:\Windows\system32\mpssvc.dll
12:25:56.0365 1636 MpsSvc - ok
12:25:56.0390 1636 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:25:56.0391 1636 Mraid35x - ok
12:25:56.0408 1636 [ 1d8828b98ee309d65e006f0829e280e5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:25:56.0410 1636 MRxDAV - ok
12:25:56.0427 1636 [ 8af705ce1bb907932157fab821170f27 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:25:56.0428 1636 mrxsmb - ok
12:25:56.0451 1636 [ 47e13ab23371be3279eef22bbfa2c1be ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:25:56.0454 1636 mrxsmb10 - ok
12:25:56.0465 1636 [ 90b3fc7bd6b3d7ee7635debba2187f66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:25:56.0466 1636 mrxsmb20 - ok
12:25:56.0483 1636 [ 742aed7939e734c36b7e8d6228ce26b7 ] msahci C:\Windows\system32\drivers\msahci.sys
12:25:56.0484 1636 msahci - ok
12:25:56.0499 1636 [ 3fc82a2ae4cc149165a94699183d3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:25:56.0500 1636 msdsm - ok
12:25:56.0520 1636 [ bc64a92d821efea8bab8e8caf1b668bc ] MSDTC C:\Windows\System32\msdtc.exe
12:25:56.0523 1636 MSDTC - ok
12:25:56.0541 1636 [ 729eafefd4e7417165f353a18dbe947d ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:25:56.0543 1636 Msfs - ok
12:25:56.0558 1636 [ 5f454a16a5146cd91a176d70f0cfa3ec ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:25:56.0560 1636 msisadrv - ok
12:25:56.0586 1636 [ 8acf956d9154e893e789881430c12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:25:56.0590 1636 MSiSCSI - ok
12:25:56.0597 1636 msiserver - ok
12:25:56.0613 1636 [ 892cedefa7e0ffe7be8da651b651d047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:25:56.0614 1636 MSKSSRV - ok
12:25:56.0662 1636 [ cfce43b70ca0cc4dcc8adb62b792b173 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:25:56.0663 1636 MsMpSvc - ok
12:25:56.0673 1636 [ ae2cb1da69b2676b4cee2a501af5871c ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:25:56.0675 1636 MSPCLOCK - ok
12:25:56.0690 1636 [ f910da84fa90c44a3addb7cd874463fd ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:25:56.0692 1636 MSPQM - ok
12:25:56.0713 1636 [ 84571c0ae07647ba38d493f5f0015df7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:25:56.0714 1636 MsRPC - ok
12:25:56.0736 1636 [ 4385c80ede885e25492d408cad91bd6f ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:25:56.0737 1636 mssmbios - ok
12:25:56.0748 1636 [ c826dd1373f38afd9ca46ec3c436a14e ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:25:56.0750 1636 MSTEE - ok
12:25:56.0765 1636 [ fa7aa70050cf5e2d15de00941e5665e5 ] Mup C:\Windows\system32\Drivers\mup.sys
12:25:56.0766 1636 Mup - ok
12:25:56.0802 1636 [ 1cdbb5d002fe2bc5300aa20550d8a52e ] napagent C:\Windows\system32\qagentRT.dll
12:25:56.0807 1636 napagent - ok
12:25:56.0831 1636 [ 6da4a0fc7c0e83df0cb3cfd0a514c3bc ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:25:56.0833 1636 NativeWifiP - ok
12:25:56.0888 1636 [ b498a14133bd09ad0817590ace4470ad ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:25:56.0896 1636 NBService - ok
12:25:56.0928 1636 [ 227c11e1e7cf6ef8afb2a238d209760c ] NDIS C:\Windows\system32\drivers\ndis.sys
12:25:56.0933 1636 NDIS - ok
12:25:56.0956 1636 [ 81659cdcbd0f9a9e07e6878ad8c78d3f ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:25:56.0957 1636 NdisTapi - ok
12:25:56.0980 1636 [ 5de5ee546bf40838ebe0e01cb629df64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:25:56.0981 1636 Ndisuio - ok
12:25:56.0995 1636 [ 397402adcbb8946223a1950101f6cd94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:25:56.0997 1636 NdisWan - ok
12:25:57.0019 1636 [ 1b24fa907af283199a81b3bb37e5e526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:25:57.0020 1636 NDProxy - ok
12:25:57.0032 1636 [ 356dbb9f98e8dc1028dd3092fceeb877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:25:57.0033 1636 NetBIOS - ok
12:25:57.0052 1636 [ e3a168912e7eefc3bd3b814720d68b41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:25:57.0054 1636 netbt - ok
12:25:57.0067 1636 [ c731b1fe449d4e9cea358c9d55b69be9 ] Netlogon C:\Windows\system32\lsass.exe
12:25:57.0071 1636 Netlogon - ok
12:25:57.0129 1636 [ 90a4dae28b94497f83bea0f2a3b77092 ] Netman C:\Windows\System32\netman.dll
12:25:57.0129 1636 Netman - ok
12:25:57.0130 1636 [ 7c5c3d9ceee838856b828ab6f98a2857 ] netprofm C:\Windows\System32\netprofm.dll
12:25:57.0132 1636 netprofm - ok
12:25:57.0163 1636 [ 0ad5876ef4e9eb77c8f93eb5b2fff386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:25:57.0164 1636 NetTcpPortSharing - ok
12:25:57.0267 1636 [ 6e9edc1020b319e7676387b8cdf2398c ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys
12:25:57.0293 1636 NETw2v32 - ok
12:25:57.0314 1636 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:25:57.0315 1636 nfrd960 - ok
12:25:57.0340 1636 [ c424117a562f2de37a42266894c79aeb ] NlaSvc C:\Windows\System32\nlasvc.dll
12:25:57.0343 1636 NlaSvc - ok
12:25:57.0394 1636 [ a328a46d87bb92ce4d8a4528e9d84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:25:57.0397 1636 NMIndexingService - ok
12:25:57.0412 1636 [ 4f9832beb9fafd8ceb0e541f1323b26e ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:25:57.0414 1636 Npfs - ok
12:25:57.0446 1636 [ 23b8201a363de0e649fc75ee9874dee2 ] nsi C:\Windows\system32\nsisvc.dll
12:25:57.0449 1636 nsi - ok
12:25:57.0465 1636 [ b488dfec274de1fc9d653870ef2587be ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:25:57.0466 1636 nsiproxy - ok
12:25:57.0512 1636 [ 37430aa7a66d7a63407adc2c0d05e9f6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:25:57.0522 1636 Ntfs - ok
12:25:57.0554 1636 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:25:57.0554 1636 ntrigdigi - ok
12:25:57.0567 1636 [ ec5efb3c60f1b624648344a328bce596 ] Null C:\Windows\system32\drivers\Null.sys
12:25:57.0569 1636 Null - ok
12:25:57.0584 1636 [ e69e946f80c1c31c53003bfbf50cbb7c ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:25:57.0586 1636 nvraid - ok
12:25:57.0598 1636 [ 9e0ba19a28c498a6d323d065db76dffc ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:25:57.0599 1636 nvstor - ok
12:25:57.0614 1636 [ 07c186427eb8fcc3d8d7927187f260f7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:25:57.0615 1636 nv_agp - ok
12:25:57.0624 1636 NwlnkFlt - ok
12:25:57.0634 1636 NwlnkFwd - ok
12:25:57.0702 1636 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:25:57.0706 1636 odserv - ok
12:25:57.0724 1636 [ be32da025a0be1878f0ee8d6d9386cd5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:25:57.0725 1636 ohci1394 - ok
12:25:57.0756 1636 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:25:57.0757 1636 ose - ok
12:25:57.0796 1636 [ 016d01d3b8fb976a193c7434bed8dccf ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:25:57.0822 1636 p2pimsvc - ok
12:25:57.0846 1636 [ 016d01d3b8fb976a193c7434bed8dccf ] p2psvc C:\Windows\system32\p2psvc.dll
12:25:57.0854 1636 p2psvc - ok
12:25:57.0884 1636 [ 0fa9b5055484649d63c303fe404e5f4d ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:25:57.0886 1636 Parport - ok
12:25:57.0897 1636 [ 555a5b2c8022983bc7467bc925b222ee ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:25:57.0898 1636 partmgr - ok
12:25:57.0915 1636 [ 4f9a6a8a31413180d0fcb279ad5d8112 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:25:57.0916 1636 Parvdm - ok
12:25:57.0935 1636 [ d8c5c215c932233a4f1d7f368f4e4e65 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:25:57.0939 1636 PcaSvc - ok
12:25:57.0950 1636 [ 1085d75657807e0e8b32f9e19a1647c3 ] pci C:\Windows\system32\drivers\pci.sys
12:25:57.0952 1636 pci - ok
12:25:57.0974 1636 [ caba65e9c41cd2900d4c92d4f825c5f8 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:25:57.0976 1636 pciide - ok
12:25:57.0996 1636 [ e6f3fb1b86aa519e7698ad05e58b04e5 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:25:57.0998 1636 pcmcia - ok
12:25:58.0039 1636 [ 6349f6ed9c623b44b52ea3c63c831a92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:25:58.0048 1636 PEAUTH - ok
12:25:58.0154 1636 [ cd05a38d166beade18030bafc0c0a939 ] pla C:\Windows\system32\pla.dll
12:25:58.0170 1636 pla - ok
12:25:58.0196 1636 [ 747bb4c31f3b6e8d1b5ed0ad61518cb5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:25:58.0205 1636 PlugPlay - ok
12:25:58.0237 1636 [ 016d01d3b8fb976a193c7434bed8dccf ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:25:58.0246 1636 PNRPAutoReg - ok
12:25:58.0280 1636 [ 016d01d3b8fb976a193c7434bed8dccf ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:25:58.0289 1636 PNRPsvc - ok
12:25:58.0336 1636 [ 5ebdec613bd377ce9a85382be5c6b83b ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:25:58.0353 1636 PolicyAgent - ok
12:25:58.0413 1636 [ c04dec5ace67c5247b150c4223970bb7 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:25:58.0414 1636 PptpMiniport - ok
12:25:58.0475 1636 [ 0e3cef5d28b40cf273281d620c50700a ] Processor C:\Windows\system32\drivers\processr.sys
12:25:58.0476 1636 Processor - ok
12:25:58.0534 1636 [ 213112e152e68f0e4705e36f052a2880 ] ProfSvc C:\Windows\system32\profsvc.dll
12:25:58.0583 1636 ProfSvc - ok
12:25:58.0634 1636 [ c731b1fe449d4e9cea358c9d55b69be9 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:25:58.0636 1636 ProtectedStorage - ok
12:25:58.0688 1636 [ 2c8bae55247c4e09352e870292e4d1ab ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:25:58.0689 1636 PSched - ok
12:25:58.0742 1636 [ ccdac889326317792480c0a67156a1ec ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:25:58.0750 1636 ql2300 - ok
12:25:58.0799 1636 [ 81a7e5c076e59995d54bc1ed3a16e60b ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:25:58.0801 1636 ql40xx - ok
12:25:58.0823 1636 [ ca61bdfd3713a7ce75f2812afc431594 ] QWAVE C:\Windows\system32\qwave.dll
12:25:58.0848 1636 QWAVE - ok
12:25:58.0904 1636 [ d2b3e2b7426dc23e185fbc73c8936c12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:25:58.0929 1636 QWAVEdrv - ok
12:25:59.0031 1636 [ e642b131fb74caf4bb8a014f31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
12:25:59.0050 1636 R300 - ok
12:25:59.0116 1636 [ fbe824717b9537383730c634d06ccfb0 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
12:25:59.0118 1636 RapiMgr - ok
12:25:59.0159 1636 [ bd7b30f55b3649506dd8b3d38f571d2a ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:25:59.0159 1636 RasAcd - ok
12:25:59.0175 1636 [ f14f4aab9f54d099fe99192bdb100ac9 ] RasAuto C:\Windows\System32\rasauto.dll
12:25:59.0175 1636 RasAuto - ok
12:25:59.0185 1636 [ 68b0019fee429ec49d29017af937e482 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:25:59.0187 1636 Rasl2tp - ok
12:25:59.0211 1636 [ 11d65e29bc9d1e4114d18fe68194394c ] RasMan C:\Windows\System32\rasmans.dll
12:25:59.0218 1636 RasMan - ok
12:25:59.0252 1636 [ ccf4e9c6cbbac81437f88cb2ae0b6c96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:25:59.0253 1636 RasPppoe - ok
12:25:59.0268 1636 [ 54129c5d9581bbec8bd1ebd3ba813f47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:25:59.0271 1636 rdbss - ok
12:25:59.0279 1636 [ 794585276b5d7fca9f3fc15543f9f0b9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:25:59.0282 1636 RDPCDD - ok
12:25:59.0314 1636 [ e8bd98d46f2ed77132ba927fccb47d8b ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:25:59.0316 1636 rdpdr - ok
12:25:59.0324 1636 [ 980b56e2e273e19d3a9d72d5c420f008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:25:59.0325 1636 RDPENCDD - ok
12:25:59.0353 1636 [ 8830e790a74a96605faba74f9665bb3c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:25:59.0355 1636 RDPWD - ok
12:25:59.0380 1636 [ 6c1a43c589ee8011a1ebfd51c01b77ce ] RemoteAccess C:\Windows\System32\mprdim.dll
12:25:59.0384 1636 RemoteAccess - ok
12:25:59.0409 1636 [ 9a043808667c8c1893da7275af373f0e ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:25:59.0412 1636 RemoteRegistry - ok
12:25:59.0445 1636 [ 5123f83cbc4349d065534eeb6bbdc42b ] RpcLocator C:\Windows\system32\locator.exe
12:25:59.0447 1636 RpcLocator - ok
12:25:59.0476 1636 [ 7b981222a257d076885bffb66f19b7ce ] RpcSs C:\Windows\system32\rpcss.dll
12:25:59.0484 1636 RpcSs - ok
12:25:59.0507 1636 [ 97e939d2128fec5d5a3e6e79b290a2f4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:25:59.0508 1636 rspndr - ok
12:25:59.0525 1636 [ c731b1fe449d4e9cea358c9d55b69be9 ] SamSs C:\Windows\system32\lsass.exe
12:25:59.0527 1636 SamSs - ok
12:25:59.0546 1636 [ 3ce8f073a557e172b330109436984e30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:25:59.0547 1636 sbp2port - ok
12:25:59.0578 1636 [ 565b4b9e5ad2f2f18a4f8aafa6c06bbb ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:25:59.0583 1636 SCardSvr - ok
12:25:59.0623 1636 [ 886cec884b5be29ab9828b8ab46b11f7 ] Schedule C:\Windows\system32\schedsvc.dll
12:25:59.0633 1636 Schedule - ok
12:25:59.0666 1636 [ 3b68015683c27cb00c7a6b60a37cbcfd ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
12:25:59.0667 1636 SCMNdisP - ok
12:25:59.0689 1636 [ 0600e04315fe543802a379d5d23c8be0 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:25:59.0690 1636 SCPolicySvc - ok
12:25:59.0726 1636 [ 4339a2585708c7d9b0c0ce5aad3dd6ff ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:25:59.0728 1636 sdbus - ok
12:25:59.0760 1636 [ f7b6bf02240d0a764adf8c8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:25:59.0765 1636 SDRSVC - ok
12:25:59.0781 1636 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:25:59.0782 1636 secdrv - ok
12:25:59.0807 1636 [ 8388c4133ddbe62ad7bc3ec9f14271ed ] seclogon C:\Windows\system32\seclogon.dll
12:25:59.0811 1636 seclogon - ok
12:25:59.0838 1636 [ 34350ae2c1d33d21c7305f861bd8dad8 ] SENS C:\Windows\system32\sens.dll
12:25:59.0842 1636 SENS - ok
12:25:59.0869 1636 [ 68e44e331d46f0fb38f0863a84cd1a31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:25:59.0871 1636 Serenum - ok
12:25:59.0908 1636 [ c70d69a918b178d3c3b06339b40c2e1b ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:25:59.0909 1636 Serial - ok
12:25:59.0920 1636 [ 450accd77ec5cea720c1cdb9e26b953b ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:25:59.0922 1636 sermouse - ok
12:25:59.0965 1636 [ 78878235da4df0d116e86837a0a21df8 ] SessionEnv C:\Windows\system32\sessenv.dll
12:25:59.0970 1636 SessionEnv - ok
12:25:59.0984 1636 [ 103b79418da647736ee95645f305f68a ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:25:59.0986 1636 sffdisk - ok
12:26:00.0004 1636 [ 8fd08a310645fe872eeec6e08c6bf3ee ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:26:00.0004 1636 sffp_mmc - ok
12:26:00.0022 1636 [ 9cfa05fcfcb7124e69cfc812b72f9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:26:00.0022 1636 sffp_sd - ok
12:26:00.0053 1636 [ 46ed8e91793b2e6f848015445a0ac188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:26:00.0054 1636 sfloppy - ok
12:26:00.0078 1636 [ 9a82bf4c90b00a63150a606a1e2fd82b ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:26:00.0085 1636 SharedAccess - ok
12:26:00.0106 1636 [ b264dfa21677728613267fe63802b332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:26:00.0111 1636 ShellHWDetection - ok
12:26:00.0130 1636 [ d2a595d6eebeeaf4334f8e50efbc9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:26:00.0131 1636 sisagp - ok
12:26:00.0145 1636 [ cedd6f4e7d84e9f98b34b3fe988373aa ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:26:00.0146 1636 SiSRaid2 - ok
12:26:00.0185 1636 [ df843c528c4f69d12ce41ce462e973a7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:26:00.0185 1636 SiSRaid4 - ok
12:26:00.0265 1636 [ a1dcd30534835cb67733ad00175125a6 ] slsvc C:\Windows\system32\SLsvc.exe
12:26:00.0292 1636 slsvc - ok
12:26:00.0314 1636 [ 56da296e7b376a727e7bdc5ac7fbee02 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:26:00.0318 1636 SLUINotify - ok
12:26:00.0337 1636 [ ac0d90738adb51a6fd12ff00874a2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:26:00.0338 1636 Smb - ok
12:26:00.0371 1636 [ 2a146a055b4401c16ee62d18b8e2a032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:26:00.0374 1636 SNMPTRAP - ok
12:26:00.0409 1636 [ 426f9b029aa9162ceccf65369457d046 ] spldr C:\Windows\system32\drivers\spldr.sys
12:26:00.0410 1636 spldr - ok
12:26:00.0432 1636 [ da612ef2556776df2630b68bf2d48935 ] Spooler C:\Windows\System32\spoolsv.exe
12:26:00.0436 1636 Spooler - ok
12:26:00.0463 1636 [ 038579c35f7cad4a4bbf735dbf83277d ] srv C:\Windows\system32\DRIVERS\srv.sys
12:26:00.0465 1636 srv - ok
12:26:00.0478 1636 [ 6971a757af8cb5e2cbcbb76cc530db6c ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:26:00.0480 1636 srv2 - ok
12:26:00.0492 1636 [ 9e1a4603b874eebce0298113951abefb ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:26:00.0493 1636 srvnet - ok
12:26:00.0526 1636 [ 8d3e4baff8b3997138c38eb1b600519a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:26:00.0530 1636 SSDPSRV - ok
12:26:00.0565 1636 [ a941e099ef46e3cc12f898cbe1c39910 ] stisvc C:\Windows\System32\wiaservc.dll
12:26:00.0572 1636 stisvc - ok
12:26:00.0599 1636 [ 1379bdb336f8158c176a465e30759f57 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:26:00.0600 1636 swenum - ok
12:26:00.0626 1636 [ 749ada8d6c18a08adfede69cbf5db2e0 ] swprv C:\Windows\System32\swprv.dll
12:26:00.0635 1636 swprv - ok
12:26:00.0646 1636 [ 192aa3ac01df071b541094f251deed10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:26:00.0647 1636 Symc8xx - ok
12:26:00.0662 1636 [ 8c8eb8c76736ebaf3b13b633b2e64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:26:00.0663 1636 Sym_hi - ok
12:26:00.0680 1636 [ 8072af52b5fd103bbba387a1e49f62cb ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:26:00.0681 1636 Sym_u3 - ok
12:26:00.0711 1636 [ 8f2b5fede18bd3c4c926cbf88e6f1264 ] SysMain C:\Windows\system32\sysmain.dll
12:26:00.0729 1636 SysMain - ok
12:26:00.0754 1636 [ 2dca225eae15f42c0933e998ee0231c3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:26:00.0759 1636 TabletInputService - ok
12:26:00.0780 1636 [ ef3dd33c740fc2f82e7e4622f1c49289 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:26:00.0786 1636 TapiSrv - ok
12:26:00.0799 1636 [ 68fa52794ae9acc61bde16fe0956b414 ] TBS C:\Windows\System32\tbssvc.dll
12:26:00.0803 1636 TBS - ok
12:26:00.0835 1636 [ 4a82fa8f0df67aa354580c3faaf8bde3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:26:00.0846 1636 Tcpip - ok
12:26:00.0878 1636 [ 4a82fa8f0df67aa354580c3faaf8bde3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:26:00.0886 1636 Tcpip6 - ok
12:26:00.0911 1636 [ 5ce0c4a7b12d0067dad527d72b68c726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:26:00.0913 1636 tcpipreg - ok
12:26:00.0929 1636 [ 964248aef49c31fa6a93201a73ffaf50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:26:00.0931 1636 TDPIPE - ok
12:26:00.0940 1636 [ 7d2c1ae1648a60fce4aa0f7982e419d3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:26:00.0942 1636 TDTCP - ok
12:26:00.0960 1636 [ ab4fde8af4a0270a46a001c08cbce1c2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:26:00.0962 1636 tdx - ok
12:26:00.0976 1636 [ 2c549bd9dd091fbfaa0a2a48e82ec2fb ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:26:00.0977 1636 TermDD - ok
12:26:01.0013 1636 [ fad71c1e8e4047b154e899ae31eb8caa ] TermService C:\Windows\System32\termsrv.dll
12:26:01.0019 1636 TermService - ok
12:26:01.0039 1636 [ b264dfa21677728613267fe63802b332 ] Themes C:\Windows\system32\shsvcs.dll
12:26:01.0043 1636 Themes - ok
12:26:01.0058 1636 [ 9dfa3a459af0954aa85b4f7622ad87bb ] THREADORDER C:\Windows\system32\mmcss.dll
12:26:01.0060 1636 THREADORDER - ok
12:26:01.0082 1636 [ 6bba0582c0025d43729a1112d3b57897 ] TrkWks C:\Windows\System32\trkwks.dll
12:26:01.0087 1636 TrkWks - ok
12:26:01.0125 1636 [ 34e388a395fedba1d0511ed39bbf4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:26:01.0126 1636 TrustedInstaller - ok
12:26:01.0159 1636 [ 29f0eca726f0d51f7e048bdb0b372f29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:26:01.0160 1636 tssecsrv - ok
12:26:01.0207 1636 [ 65e953bc0084d44498b51f59784d2a82 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:26:01.0207 1636 tunmp - ok
12:26:01.0223 1636 [ 4a39bda5e0fd30bdf4884f9d33ae6105 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:26:01.0223 1636 tunnel - ok
12:26:01.0233 1636 [ c3ade15414120033a36c0f293d4a4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:26:01.0235 1636 uagp35 - ok
12:26:01.0265 1636 [ 6348da98707ceda8a0dfb05820e17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:26:01.0268 1636 udfs - ok
12:26:01.0303 1636 [ 24a333f4f14dcfb6ff6d5a1b9e5d79dd ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:26:01.0306 1636 UI0Detect - ok
12:26:01.0321 1636 [ 75e6890ebfce0841d3291b02e7a8bdb0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:26:01.0322 1636 uliagpkx - ok
12:26:01.0343 1636 [ 3cd4ea35a6221b85dcc25daa46313f8d ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:26:01.0345 1636 uliahci - ok
12:26:01.0361 1636 [ 8514d0e5cd0534467c5fc61be94a569f ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:26:01.0363 1636 UlSata - ok
12:26:01.0382 1636 [ 38c3c6e62b157a6bc46594fada45c62b ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:26:01.0384 1636 ulsata2 - ok
12:26:01.0402 1636 [ 3fb78f1d1dd86d87bececd9dffa24dd9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:26:01.0403 1636 umbus - ok
12:26:01.0430 1636 [ 8b802b483cbde06f62dbc04dc7afaf8e ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
12:26:01.0434 1636 UMVPFSrv - ok
12:26:01.0470 1636 [ 8eb871a3deb6b3d5a85eb6ddfc390b59 ] upnphost C:\Windows\System32\upnphost.dll
12:26:01.0475 1636 upnphost - ok
12:26:01.0507 1636 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:26:01.0508 1636 USBAAPL - ok
12:26:01.0536 1636 [ f6bf998ae33e3fb6c7d27f0560f1173f ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:26:01.0537 1636 usbaudio - ok
12:26:01.0561 1636 [ 51480458e6e9863f856ebf35aae801b4 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:26:01.0562 1636 usbccgp - ok
12:26:01.0590 1636 [ e9476e6c486e76bc4898074768fb7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:26:01.0591 1636 usbcir - ok
12:26:01.0620 1636 [ 11fa3acbf0de0286829c69e01fe705e4 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:26:01.0621 1636 usbehci - ok
12:26:01.0649 1636 [ 6a7858a38b5105731e219e7c6a238730 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:26:01.0651 1636 usbhub - ok
12:26:01.0662 1636 [ 38dbc7dd6cc5a72011f187425384388b ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:26:01.0663 1636 usbohci - ok
12:26:01.0673 1636 [ b51e52acf758be00ef3a58ea452fe360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:26:01.0674 1636 usbprint - ok
12:26:01.0705 1636 [ 7887ce56934e7f104e98c975f47353c5 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:26:01.0706 1636 USBSTOR - ok
12:26:01.0718 1636 [ 4013315fed70a2d293b998cbba4022ee ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:26:01.0720 1636 usbuhci - ok
12:26:01.0742 1636 [ 0a6b81f01bc86399482e27e6fda7b33b ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:26:01.0744 1636 usbvideo - ok
12:26:01.0768 1636 [ db4721908daa0383ee82ffe430aebae1 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
12:26:01.0770 1636 usb_rndisx - ok
12:26:01.0793 1636 [ f79d0d7c9004474cb42746d9b2c30a2b ] UxSms C:\Windows\System32\uxsms.dll
12:26:01.0796 1636 UxSms - ok
12:26:01.0820 1636 [ c9d0bafee0d0a2681f048ca61bc0da96 ] vds C:\Windows\System32\vds.exe
12:26:01.0828 1636 vds - ok
12:26:01.0857 1636 [ 7d92be0028ecdedec74617009084b5ef ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:26:01.0858 1636 vga - ok
12:26:01.0874 1636 [ 17a8f877314e4067f8c8172cc6d9101c ] VgaSave C:\Windows\System32\drivers\vga.sys
12:26:01.0875 1636 VgaSave - ok
12:26:01.0893 1636 [ 045d9961e591cf0674a920b6ba3ba5cb ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:26:01.0894 1636 viaagp - ok
12:26:01.0914 1636 [ 56a4de5f02f2e88182b0981119b4dd98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:26:01.0915 1636 ViaC7 - ok
12:26:01.0925 1636 [ fd2e3175fcada350c7ab4521dca187ec ] viaide C:\Windows\system32\drivers\viaide.sys
12:26:01.0927 1636 viaide - ok
12:26:01.0944 1636 [ 103e84c95832d0ed93507997cc7b54e8 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:26:01.0945 1636 volmgr - ok
12:26:01.0965 1636 [ 294da8d3f965f6a8db934a83c7b461ff ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:26:01.0968 1636 volmgrx - ok
12:26:01.0996 1636 [ 80dc0c9bcb579ed9815001a4d37cbfd5 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:26:01.0998 1636 volsnap - ok
12:26:02.0014 1636 [ d984439746d42b30fc65a4c3546c6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:26:02.0016 1636 vsmraid - ok
12:26:02.0066 1636 [ e0e29d9ef2524abd11749c7c2fd7f607 ] VSS C:\Windows\system32\vssvc.exe
12:26:02.0077 1636 VSS - ok
12:26:02.0098 1636 [ 62b0d0f6f5580d9d0dfa5e0b466ff2ed ] W32Time C:\Windows\system32\w32time.dll
12:26:02.0106 1636 W32Time - ok
12:26:02.0132 1636 [ 48dfee8f1af7c8235d4e626f0c4fe031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:26:02.0133 1636 WacomPen - ok
12:26:02.0157 1636 [ 6798c1209a53b5a0ded8d437c45145ff ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:26:02.0158 1636 Wanarp - ok
12:26:02.0164 1636 [ 6798c1209a53b5a0ded8d437c45145ff ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:26:02.0165 1636 Wanarpv6 - ok
12:26:02.0197 1636 [ 3350874e51132ea86d153c1b566e261d ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
12:26:02.0200 1636 WcesComm - ok
12:26:02.0252 1636 [ c1b19162e0509ceab4cdf664e139d956 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:26:02.0253 1636 wcncsvc - ok
12:26:02.0262 1636 [ 11bcb7afcdd7aadacb5746f544d3a9c7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:26:02.0266 1636 WcsPlugInService - ok
12:26:02.0290 1636 [ afc5ad65b991c1e205cf25cfdbf7a6f4 ] Wd C:\Windows\system32\drivers\wd.sys
12:26:02.0292 1636 Wd - ok
12:26:02.0329 1636 [ 6d77ff2224d2d3984760acbdf4024a7b ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:26:02.0334 1636 Wdf01000 - ok
12:26:02.0368 1636 [ 2a424b89b14ef17a3d06bcb5a8f79601 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:26:02.0372 1636 WdiServiceHost - ok
12:26:02.0385 1636 [ 2a424b89b14ef17a3d06bcb5a8f79601 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:26:02.0389 1636 WdiSystemHost - ok
12:26:02.0410 1636 [ 01e41c264eedcb827820a1909162579f ] WebClient C:\Windows\System32\webclnt.dll
12:26:02.0417 1636 WebClient - ok
12:26:02.0441 1636 [ 9cf67ff7f8d34cbf115d0c278b9f74aa ] Wecsvc C:\Windows\system32\wecsvc.dll
12:26:02.0447 1636 Wecsvc - ok
12:26:02.0461 1636 [ b68cab45db1dab59d92acadfad6364a8 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:26:02.0464 1636 wercplsupport - ok
12:26:02.0484 1636 [ 36ba0707680ef4236fd752bee982cc25 ] WerSvc C:\Windows\System32\WerSvc.dll
12:26:02.0491 1636 WerSvc - ok
12:26:02.0522 1636 [ cf27edac75c87f2b776d9218f02f8301 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:26:02.0529 1636 winachsf - ok
12:26:02.0574 1636 [ 0d5ad0e71ff5ddac5dd2f443b499abd0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:26:02.0580 1636 WinDefend - ok
12:26:02.0589 1636 WinHttpAutoProxySvc - ok
12:26:02.0648 1636 [ 38a7b89de4e3417c122317949667fdd8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:26:02.0652 1636 Winmgmt - ok
12:26:02.0685 1636 [ 3f6823040030c3e4da1cf11cd40b7534 ] WinRM C:\Windows\system32\WsmSvc.dll
12:26:02.0702 1636 WinRM - ok
12:26:02.0732 1636 [ 7640acea41348bfef34b76e245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:26:02.0750 1636 Wlansvc - ok
12:26:02.0770 1636 [ 701a9f884a294327e9141d73746ee279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:26:02.0771 1636 WmiAcpi - ok
12:26:02.0799 1636 [ a279323bee5fffafda222910bce92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:26:02.0801 1636 wmiApSrv - ok
12:26:02.0861 1636 [ acb2e63d50157e3ea7140f29d9e76a48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:26:02.0879 1636 WMPNetworkSvc - ok
12:26:02.0911 1636 [ 3d3b3b80c12abe506f56930c46422c28 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:26:02.0915 1636 WPCSvc - ok
12:26:02.0931 1636 [ c24844a1d0d9528b19d5bc266b8cd572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:26:02.0935 1636 WPDBusEnum - ok
12:26:02.0953 1636 [ 2d27171b16a577ef14c1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:26:02.0954 1636 WpdUsb - ok
12:26:02.0981 1636 [ 84620aecdcfd2a7a14e6263927d8c0ed ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:26:02.0982 1636 ws2ifsl - ok
12:26:02.0998 1636 [ f97cbb919af6d0a6643d1a59c15014d1 ] wscsvc C:\Windows\system32\wscsvc.dll
12:26:03.0003 1636 wscsvc - ok
12:26:03.0010 1636 WSearch - ok
12:26:03.0058 1636 [ d0697918519a4cf059c2c7e3b9e93a53 ] WSWNA3100 C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
12:26:03.0061 1636 WSWNA3100 - ok
12:26:03.0132 1636 [ 6298277b73c77fa99106b271a7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
12:26:03.0198 1636 wuauserv - ok
12:26:03.0223 1636 [ a2aafcc8a204736296d937c7c545b53f ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:26:03.0225 1636 WUDFRd - ok
12:26:03.0270 1636 [ db5bf5aab72b1b99b5331231d09ebb26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:26:03.0270 1636 wudfsvc - ok
12:26:03.0287 1636 [ 5a7ff9a18ff6d7e0527fe3abf9204ef8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
12:26:03.0287 1636 XAudio - ok
12:26:03.0314 1636 [ 28dc5d626e036a75a572556f0a6eb1f6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
12:26:03.0318 1636 XAudioService - ok
12:26:03.0340 1636 ================ Scan global ===============================
12:26:03.0367 1636 (8cd98a8ec9cadaf4e051cdcac15c96c4) C:\Windows\system32\basesrv.dll
12:26:03.0405 1636 (e3f137adc0a9d7f3a2e4f557272fe6b3) C:\Windows\system32\winsrv.dll
12:26:03.0432 1636 (e3f137adc0a9d7f3a2e4f557272fe6b3) C:\Windows\system32\winsrv.dll
12:26:03.0466 1636 (329cf3c97ce4c19375c8abcabae258b0) C:\Windows\system32\services.exe
12:26:03.0470 1636 [Global] - ok
12:26:03.0471 1636 ================ Scan MBR ==================================
12:26:03.0483 1636 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:26:03.0676 1636 \Device\Harddisk0\DR0 - ok
12:26:03.0684 1636 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
12:26:03.0692 1636 \Device\Harddisk1\DR1 - ok
12:26:03.0693 1636 ================ Scan VBR ==================================
12:26:03.0697 1636 Boot (0x1200) (cc6b02fbd6916138bcd4f0d5d7b9a256) \Device\Harddisk0\DR0\Partition1
12:26:03.0702 1636 \Device\Harddisk0\DR0\Partition1 - ok
12:26:03.0707 1636 Boot (0x1200) (1f0bc9e263e784422453f4c576dfc035) \Device\Harddisk0\DR0\Partition2
12:26:03.0710 1636 \Device\Harddisk0\DR0\Partition2 - ok
12:26:03.0719 1636 Boot (0x1200) (4d96783a1ceca947ba1ea12a02b83970) \Device\Harddisk1\DR1\Partition1
12:26:03.0721 1636 \Device\Harddisk1\DR1\Partition1 - ok
12:26:03.0722 1636 ============================================================
12:26:03.0722 1636 Scan finished
12:26:03.0722 1636 ============================================================
12:26:03.0738 1572 Detected object count: 0
12:26:03.0738 1572 Actual detected object count: 0


aswMBR scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 12:49:40
-----------------------------
12:49:40.173 OS Version: Windows 6.0.6000
12:49:40.173 Number of processors: 2 586 0xF0D
12:49:40.173 ComputerName: MYTIEN-PC UserName: Mytien
12:49:50.313 Initialize success
12:50:08.877 AVAST engine defs: 12081900
12:51:05.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
12:51:05.053 Disk 0 Vendor: ST3320820AS 3.AAD Size: 305245MB BusType: 3
12:51:05.115 Disk 0 MBR read successfully
12:51:05.131 Disk 0 MBR scan
12:51:05.474 Disk 0 Windows VISTA default MBR code
12:51:05.537 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10409 MB offset 63
12:51:05.615 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294833 MB offset 21318255
12:51:05.708 Disk 0 scanning sectors +625137345
12:51:06.145 Disk 0 scanning C:\Windows\system32\drivers
12:51:45.907 Service scanning
12:52:05.156 Service MpKslb56cf75e C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{274BF995-7E75-4669-89E3-FC79397E2629}\MpKslb56cf75e.sys **LOCKED** 32
12:52:05.280 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:52:31.736 Modules scanning
12:52:36.665 Disk 0 trace - called modules:
12:52:36.696 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:52:36.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83df7ad8]
12:52:36.712 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x83d0f898]
12:52:36.728 5 acpi.sys[8047332a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x83ceb4f0]
12:52:38.334 AVAST engine scan C:\Windows
12:52:47.038 AVAST engine scan C:\Windows\system32
12:58:21.734 AVAST engine scan C:\Windows\system32\drivers
12:58:46.179 AVAST engine scan C:\Users\Mytien
13:08:32.388 AVAST engine scan C:\ProgramData
13:11:31.324 Scan finished successfully
13:11:39.810 Disk 0 MBR has been saved successfully to "C:\Users\Mytien\Desktop\MBR.dat"
13:11:39.826 The log file has been saved successfully to "C:\Users\Mytien\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:16 PM

Posted 19 August 2012 - 04:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Tin01

Tin01
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 19 August 2012 - 08:37 PM

It seems the virus wasn't removed since MSE still detected it after I had run ComboFix again.


Here is the update log:

ComboFix 12-08-18.03 - Mytien 08/19/2012 15:11:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1021.479 [GMT -7:00]
Running from: c:\users\Mytien\Desktop\ComboFix.exe
Command switches used :: c:\users\Mytien\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 22:20 . 2012-08-19 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 19:49 . 2012-08-19 19:49 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{274BF995-7E75-4669-89E3-FC79397E2629}\MpKslb56cf75e.sys
2012-08-19 19:49 . 2012-08-19 19:49 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{274BF995-7E75-4669-89E3-FC79397E2629}\offreg.dll
2012-08-19 19:49 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{274BF995-7E75-4669-89E3-FC79397E2629}\mpengine.dll
2012-08-19 17:14 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75EC0F58-5FF6-456C-A895-8B12E1FC8D8C}\gapaengine.dll
2012-08-19 10:01 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-08-17 23:43 . 2012-08-17 23:43 -------- d-----w- C:\FRST
2012-08-15 01:16 . 2012-08-15 01:16 -------- d-----w- c:\program files\Enigma Software Group
2012-08-15 01:13 . 2012-08-15 02:49 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-15 01:12 . 2012-08-15 01:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-14 23:35 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 23:35 . 2012-08-14 23:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-08 22:49 . 2012-08-08 22:49 382464 ----a-w- c:\windows\system32\qmgr.dll
2012-08-08 21:17 . 2012-08-08 21:24 -------- d-----w- c:\programdata\RegCure
2012-08-08 19:56 . 2012-08-08 19:56 -------- d-----w- c:\users\Mytien\AppData\Roaming\Malwarebytes
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 22:20 . 2012-08-06 22:20 -------- d-----w- c:\program files\Xilisoft
2012-08-06 21:31 . 2012-08-06 21:31 -------- d-----w- c:\users\Mytien\AppData\Roaming\ImTOO
2012-08-06 21:01 . 2012-08-06 22:21 -------- d-----w- c:\users\Mytien\AppData\Roaming\Xilisoft
2012-07-21 10:06 . 2012-07-21 10:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:07 . 2012-06-25 03:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:07 . 2011-08-27 19:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-30 22:02 . 2012-06-30 22:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 22:02 . 2011-10-22 20:11 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 08:44 . 2011-07-26 04:17 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
2011-09-07 13:00 . 2011-08-14 04:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-08 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\System32\qmgr.dll
[7] 2011-07-26 . F1148566FA5173A4FD48AF8E8BC09401 . 750080 . . [7.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll
[7] 2011-07-26 . DA551697E34D2B9943C8B1C8EAFFE89A . 750080 . . [7.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[7] 2008-01-19 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[7] 2006-11-02 . 733FB484A06B9D6A44DD9CA1D3BE937B . 749568 . . [7.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-25 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-7-24 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
2006-11-16 23:04 2348584 ----a-w- c:\program files\BigFix\bigfix.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB56CF75E
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 21:07]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-15 02:51]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-15 02:51]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333188505-3977121984-4017778250-1000Core.job
- c:\users\Mytien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 03:34]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333188505-3977121984-4017778250-1000UA.job
- c:\users\Mytien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 03:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Mytien\AppData\Roaming\Mozilla\Firefox\Profiles\se8amekw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-19 15:21
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-19 15:23:49
ComboFix-quarantined-files.txt 2012-08-19 22:23
.
Pre-Run: 215,258,599,424 bytes free
Post-Run: 214,622,654,464 bytes free
.
- - End Of File - - 7900DE5138318FF625B6C17687EED81D

#9 gringo_pr

Posted 19 August 2012 - 09:13 PM

Did MSE give you a location, as this would be very important?


gringo

#10 Tin01

Posted 19 August 2012 - 09:35 PM

Items:
file:C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd75ba6b4bdf32.0000


The virus is detected by MSE at least once per day, and the only action it is doing to the virus is disinfecting it.
Thanks for helping me, Gringo. I really appreciate it!

#11 gringo_pr

Posted 19 August 2012 - 10:07 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12 Tin01

Posted 19 August 2012 - 10:13 PM

Microsoft Antimalware
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox 6.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Nero 7 Ultra Edition
neroxml
NETGEAR WNA3100 wireless USB 2.0 adapter
Nexon Game Manager
Pando Media Booster
Penguins!
PhotoFiltre
Polar Bowler
Polar Golfer
Power2Go 5.0
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Soft Data Fax Modem with SmartCP
Spare Backup
Tradewinds
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Villagers - A New Home

#13 gringo_pr

Posted 19 August 2012 - 10:37 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 Tin01

Posted 20 August 2012 - 11:21 AM

Hello, Gringo.

I believe I may have removed the virus now. It was detected by MSE while I was actually using the computer and gave me the option to remove it, which I did. Just in case you want the logs, I will post them below.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.01

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mytien :: MYTIEN-PC [administrator]

8/19/2012 8:59:41 PM
mbam-log-2012-08-19 (20-59-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188618
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:49 PM, on 8/19/2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mytien\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mytien\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5625E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6828 bytes

#15 gringo_pr


    Bleepin Gringo


  • Malware Response Team

Posted 20 August 2012 - 11:31 AM

Greetings


It most likely removed one of our backups


:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete:

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
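
The research step in the NOTE of the post above (copy the name between the brackets of each O4 line) can be scripted when a log is long. The Python below is an added example, not part of gringo_pr's post or of HijackThis itself; the function names and the wording of the review notes are assumptions, and the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

def split_command(cmd):
    """Split a Run value into (executable path, arguments)."""
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(.+?\.exe)\b\s*(.*)$", cmd, re.IGNORECASE)
    return (m.group(1), m.group(2)) if m else (cmd, "")

def parse_log(text):
    """Return one dict per recognised line; 'notes' lists reasons to look closer."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := RUN_RE.match(line):
            exe, args = split_command(m.group(3))
            entries.append({"kind": "run", "hive": m.group(1), "name": m.group(2),
                            "path": exe, "args": args, "notes": []})
        elif m := SVC_RE.match(line):
            notes = ["publisher reads 'Unknown owner'"] if m.group(2) == "Unknown owner" else []
            entries.append({"kind": "service", "name": m.group(1),
                            "path": m.group(3), "notes": notes})
        elif line.endswith(("(no file)", "= ?")):
            # Markers this log uses when no target file is shown for the entry.
            entries.append({"kind": "other", "name": line, "path": None,
                            "notes": ["no target file shown"]})
    return entries

def research_names(entries):
    """Names between the brackets of O4 Run lines, ready to look up one by one."""
    return [e["name"] for e in entries if e["kind"] == "run"]

def needs_review(entries):
    return [e["name"] for e in entries if e["notes"]]
```

A note on an entry only means it deserves a lookup before deciding; the NETGEAR service flagged here belongs to the wireless adapter software listed elsewhere in the same log.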



