
AVG is alerting of threats and the Windows Defender+firewall isn't working and Malware can't delete Trojan or rootkits


  • This topic is locked
22 replies to this topic

#1 Zinny-chan

Zinny-chan

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Finland
  • Local time:06:39 AM

Posted 18 August 2012 - 02:35 PM

Paste your log into this section.
I got some virus in my computer yesterday; it's a trojan and some rootkits.
After that my Windows Defender won't work; I can't put it into action -> it keeps saying it isn't active, and when I try to activate it -> an error code comes up. The same thing happens with the firewall.
I tried to get the viruses cleaned from the computer by AVG and then with Malware; both find those and put them in quarantine, but can't delete them. Overall there were 8 threats yesterday and now there are 6 threats; 2 trojans and 4 rootkits.
I tried to fix Windows Defender and the firewall with Windows' Fix it exes, but those didn't fix the problem, and some site said that the computer must be clean from trojans etc. before those can be fixed.
AVG is alerting of threats and the Windows Defender + firewall isn't working and Malware can't delete the trojan or rootkits.
I wish to have the trojan + rootkits deleted and Windows Defender + firewall working right again.
Here is the DDS.txt.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Jenni at 21:41:48 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.3326.2131 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fi/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\jenni\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.254
TCP: Interfaces\{ABF79081-AE71-489D-A91B-5243AC65A30D} : DhcpNameServer = 192.168.0.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jenni\appdata\roaming\mozilla\firefox\profiles\bmdj0l7d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B15c1b9aa-b0ab-4902-8f20-40835b32cded%7D&mid=6a7deb92337347d18c646de783b9f1fb-024d3321f35be31a9a194dcf3d8958af99c4efd8&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-10%2016%3A32%3A02&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 172032]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-17 655944]
R2 NAUpdate;Nero-päivitys;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-6-18 4807536]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-17 22344]
R3 RTL8167;Realtek 8167 NT -ohjain;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-6-18 10752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== Created Last 30 ================
.
2012-08-18 14:51:44 -------- d-----w- c:\users\jenni\appdata\local\{92A5F3C5-04EB-474F-9EE8-826A387E8DCD}
2012-08-18 14:51:33 -------- d-----w- c:\users\jenni\appdata\local\{5BE31162-FDDF-4060-B1CE-D8AFC14225CD}
2012-08-17 16:39:47 -------- d-----w- c:\users\jenni\appdata\roaming\Malwarebytes
2012-08-17 16:39:42 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 16:39:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 16:39:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-17 16:00:48 -------- d-----w- c:\users\jenni\appdata\local\Diagnostics
2012-08-17 15:07:35 -------- d-----w- c:\programdata\clp
2012-08-17 12:13:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-17 10:36:02 -------- d-----w- c:\users\jenni\appdata\local\{8D1896B1-6E9B-4BE4-A620-6AA75D0C2E8F}
2012-08-17 10:35:51 -------- d-----w- c:\users\jenni\appdata\local\{C6A53A22-9561-48D5-B2ED-F0FA6EF6B93B}
2012-08-14 19:27:16 -------- d-----w- c:\users\jenni\appdata\local\{A3D93E0A-DEB2-49D4-85CE-8B41500CF4B5}
2012-08-14 03:58:41 -------- d-----w- c:\users\jenni\appdata\local\{ABDA97E3-AE14-49B8-8E81-0F7DE4C58575}
2012-08-12 09:48:11 -------- d-----w- c:\users\jenni\appdata\local\{CBB5B281-5939-4EF2-8856-DCE625434485}
2012-08-12 09:47:49 -------- d-----w- c:\users\jenni\appdata\local\{B6C78388-264B-44A5-95CE-08585563F47F}
2012-08-09 16:20:42 -------- d-----w- c:\users\jenni\appdata\local\{9F6C211F-D22B-427C-8B91-DF7396007B69}
2012-08-09 16:20:24 -------- d-----w- c:\users\jenni\appdata\local\{26C0B33F-A44A-4521-B1D8-55060B4C8536}
2012-08-08 11:43:11 -------- d-----w- c:\users\jenni\appdata\local\{0A4E79AC-D807-408E-B1EC-C90D5E060DD1}
2012-08-08 11:42:49 -------- d-----w- c:\users\jenni\appdata\local\{C8497552-C0D6-46A5-B76B-FCA9C7551BE4}
2012-08-07 13:26:56 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2bc902d4-c44f-4dc6-87f7-b792aae0261e}\mpengine.dll
2012-08-07 13:24:08 -------- d-----w- c:\users\jenni\appdata\local\{68E9D5EF-A328-45B8-9FB1-CCD36891CB30}
2012-08-07 13:23:55 -------- d-----w- c:\users\jenni\appdata\local\{D84469C8-4E5E-4586-A0CD-E4FC8676FE12}
2012-08-06 09:26:55 -------- d-----w- c:\users\jenni\appdata\local\{A70665F8-243E-4FD9-9CCF-E606F2F9CB83}
2012-08-06 09:26:42 -------- d-----w- c:\users\jenni\appdata\local\{68BCCF51-1826-4EFB-8681-23872E097A1F}
2012-08-06 09:12:24 -------- d-----w- c:\users\jenni\appdata\local\{6A97803C-F657-48ED-B9D4-CDD7D6A4FF66}
2012-07-30 21:52:13 103904 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-30 11:02:29 -------- d-----w- c:\users\jenni\appdata\local\{DA2DE0F4-3B91-45CE-A40C-4C904904A9D2}
2012-07-29 12:52:22 -------- d-----w- c:\users\jenni\appdata\local\{3D39601F-F25E-432B-B564-92AB7114F068}
2012-07-29 12:52:12 -------- d-----w- c:\users\jenni\appdata\local\{8FDFE545-343A-4724-9133-D0F99CC86DAA}
2012-07-28 14:18:19 -------- d-----w- c:\users\jenni\appdata\local\{2D9E0DD9-0688-483E-AC25-E27894D6856C}
2012-07-28 14:18:08 -------- d-----w- c:\users\jenni\appdata\local\{C64F8019-9962-4CA8-AF18-D520FD0F7223}
2012-07-27 13:09:40 -------- d-----w- c:\users\jenni\appdata\local\{29BEDD3A-B02D-47F9-8C14-82AE2174E468}
2012-07-27 13:09:26 -------- d-----w- c:\users\jenni\appdata\local\{A21672AA-EED4-4343-9401-DD744D76830C}
2012-07-26 11:15:13 -------- d-----w- c:\users\jenni\appdata\local\{81915C4D-641C-4080-961B-E26EEFD2D422}
2012-07-26 11:14:59 -------- d-----w- c:\users\jenni\appdata\local\{C0279D76-491B-457C-8FBF-1B13C70764BB}
2012-07-25 12:30:55 -------- d-----w- c:\users\jenni\appdata\local\{825FFD60-0781-41F1-83F9-B6EE3F221AF1}
2012-07-25 12:30:32 -------- d-----w- c:\users\jenni\appdata\local\{06125C52-90E3-476A-9575-D50786288F1C}
2012-07-24 07:58:42 -------- d-----w- c:\users\jenni\appdata\local\{90771211-BF1A-4B95-9CBC-B05A37141B65}
2012-07-24 07:58:28 -------- d-----w- c:\users\jenni\appdata\local\{806DBF01-DA4A-4F4E-8F07-BA77B28CD40E}
2012-07-23 19:54:36 -------- d-----w- c:\users\jenni\appdata\local\{FAF2CC85-7A76-4B37-85C9-2B957B9ABB03}
2012-07-23 19:54:14 -------- d-----w- c:\users\jenni\appdata\local\{96553C17-6735-46F2-9533-53CBFEAF0A2F}
2012-07-23 07:54:02 -------- d-----w- c:\users\jenni\appdata\local\{376C90B0-FDCC-4E0C-8026-DA4F902BD8FE}
2012-07-23 07:53:48 -------- d-----w- c:\users\jenni\appdata\local\{3592F2A1-025A-46D8-88C4-91BB82B74CFE}
2012-07-21 13:36:41 -------- d-----w- c:\users\jenni\appdata\local\{4B4E4408-68D8-4093-A497-EEAC3A89D805}
2012-07-21 13:36:28 -------- d-----w- c:\users\jenni\appdata\local\{9C0AEABD-7F4B-404E-AB6F-A0D673AA6FF7}
2012-07-20 10:02:11 -------- d-----w- c:\users\jenni\appdata\local\{4CC3D6AC-B5FA-4D87-A567-00D30869ACE4}
2012-07-20 10:01:49 -------- d-----w- c:\users\jenni\appdata\local\{1E4EC361-00B2-49CA-9821-C1301259E094}
.
==================== Find3M ====================
.
2012-08-17 12:17:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-17 12:17:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-27 05:53:07 981504 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 04:10:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 17:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 09:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:42:31,07 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 21 August 2012 - 12:33 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 23 August 2012 - 11:30 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Zinny-chan


Posted 24 August 2012 - 06:30 AM

Hello, sorry I have been really busy with my work and haven't been able to check your first reply on this post yet. I'm really sorry for it and really grateful for your quick reply/help.
I'll start working on and checking those things you posted right away, and will post here again when I have done those.

#5 gringo_pr


Posted 24 August 2012 - 07:31 AM

no problem


gringo

#6 Zinny-chan


Posted 25 August 2012 - 07:15 AM

Hi!
I removed AVG and malware from my comp and then did the security check and then I did the ComboFix.
Right now Windows Firewall works on my computer, but when I try to turn on Windows Defender: "Tried illegal function to registerkey, which is marked to be removed."
Mostly the computer seems to work, but I noticed, for example, this when I tried to open Skype or MSN:

C:\Program Files\Skype\Phone\Skype.exe
"C:\Program Files\Skype\Phone\Skype.exe
Tried illegal function to registerkey, which is marked to be removed."


Explorer-exe
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Tried illegal function to registerkey, which is marked to be removed."


#7 gringo_pr


Posted 25 August 2012 - 01:01 PM

ComboFix 12-08-25.04 - Jenni 25.08.2012 13:52:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.3326.2570 [GMT 3:00]
Sijainti: c:\users\Jenni\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\@
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\L\00000004.@
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\U\00000004.@
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\U\00000008.@
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\U\000000cb.@
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\U\80000000.@
c:\windows\Installer\{3e591a78-d55a-9650-c1c0-e62a33d6c251}\U\80000032.@
.
Saastunut kopio tiedostosta c:\windows\system32\services.exe löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - c:\32788r22fwjfw\HarddiskVolumeShadowCopy2_!Windows!System32!services.exe
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-25 to 2012-08-25 )))))))))))))))))
.
.
2012-08-25 10:55 . 2012-08-25 10:57 -------- d-----w- c:\users\Jenni\AppData\Local\temp
2012-08-25 10:55 . 2012-08-25 10:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\users\Jenni\AppData\Roaming\Malwarebytes
2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 16:00 . 2012-08-25 09:55 -------- d-----w- c:\users\Jenni\AppData\Local\Diagnostics
2012-08-17 15:07 . 2012-08-17 15:37 -------- d-----w- c:\programdata\clp
2012-08-17 12:13 . 2012-08-17 12:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-07 13:26 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BC902D4-C44F-4DC6-87F7-B792AAE0261E}\mpengine.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 12:17 . 2012-04-21 11:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 12:17 . 2011-07-04 14:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 17:59 . 2012-06-06 17:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-14 09:16 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-14 09:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-14 09:16 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 17:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:08 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-22 17:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12 . 2012-06-22 17:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-14 09:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-14 09:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-14 09:16 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-14 09:16 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-14 09:16 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 09:25 . 2011-03-18 15:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 10:04 . 2011-03-23 15:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R2 NAUpdate;Nero-päivitys;c:\program files\Nero\Update\NASvc.exe [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S3 RTL8167;Realtek 8167 NT -ohjain;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\bmdj0l7d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B15c1b9aa-b0ab-4902-8f20-40835b32cded%7D&mid=6a7deb92337347d18c646de783b9f1fb-024d3321f35be31a9a194dcf3d8958af99c4efd8&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-10%2016%3A32%3A02&sap=ku&q=
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-08-25 13:58:42 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-08-25 10:58
.
Ennen ajoa: 916 179 607 552 tavua vapaana
Ajon jälkeen: 915 656 282 112 tavua vapaana
.
- - End Of File - - 8FEB52F8FFD464D5B022E5A14B4CF789
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

Posted 25 August 2012 - 01:04 PM

Greetings Zinny-chan

  • Please do not attach logs or use code boxes, just copy and paste the text.
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Zinny-chan

Posted 26 August 2012 - 02:21 AM

TDSSKiller-log:

09:41:58.0285 2412 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:41:58.0300 2412 ============================================================
09:41:58.0300 2412 Current date / time: 2012/08/26 09:41:58.0300
09:41:58.0300 2412 SystemInfo:
09:41:58.0300 2412
09:41:58.0300 2412 OS Version: 6.1.7601 ServicePack: 1.0
09:41:58.0300 2412 Product type: Workstation
09:41:58.0300 2412 ComputerName: JENNI-PC
09:41:58.0300 2412 UserName: Jenni
09:41:58.0300 2412 Windows directory: C:\Windows
09:41:58.0300 2412 System windows directory: C:\Windows
09:41:58.0300 2412 Processor architecture: Intel x86
09:41:58.0300 2412 Number of processors: 2
09:41:58.0300 2412 Page size: 0x1000
09:41:58.0300 2412 Boot type: Normal boot
09:41:58.0300 2412 ============================================================
09:41:59.0111 2412 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:41:59.0127 2412 ============================================================
09:41:59.0127 2412 \Device\Harddisk0\DR0:
09:41:59.0127 2412 MBR partitions:
09:41:59.0127 2412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:41:59.0127 2412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
09:41:59.0127 2412 ============================================================
09:41:59.0158 2412 C: <-> \Device\Harddisk0\DR0\Partition2
09:41:59.0158 2412 ============================================================
09:41:59.0158 2412 Initialize success
09:41:59.0158 2412 ============================================================
09:42:09.0922 3780 ============================================================
09:42:09.0922 3780 Scan started
09:42:09.0922 3780 Mode: Manual;
09:42:09.0922 3780 ============================================================
09:42:10.0328 3780 ================ Scan system memory ========================
09:42:10.0343 3780 System memory - ok
09:42:10.0343 3780 ================ Scan services =============================
09:42:10.0484 3780 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:42:10.0499 3780 1394ohci - ok
09:42:10.0515 3780 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:42:10.0515 3780 ACPI - ok
09:42:10.0546 3780 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:42:10.0546 3780 AcpiPmi - ok
09:42:10.0562 3780 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:42:10.0577 3780 adp94xx - ok
09:42:10.0593 3780 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:42:10.0593 3780 adpahci - ok
09:42:10.0609 3780 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:42:10.0609 3780 adpu320 - ok
09:42:10.0624 3780 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:42:10.0624 3780 AeLookupSvc - ok
09:42:10.0655 3780 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
09:42:10.0655 3780 AFD - ok
09:42:10.0671 3780 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:42:10.0671 3780 agp440 - ok
09:42:10.0687 3780 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:42:10.0687 3780 aic78xx - ok
09:42:10.0702 3780 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
09:42:10.0702 3780 ALG - ok
09:42:10.0718 3780 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
09:42:10.0718 3780 aliide - ok
09:42:10.0749 3780 [ 72B4122645F1C7166265560B67EA98F9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:42:10.0749 3780 AMD External Events Utility - ok
09:42:10.0765 3780 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:42:10.0765 3780 amdagp - ok
09:42:10.0780 3780 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
09:42:10.0780 3780 amdide - ok
09:42:10.0796 3780 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:42:10.0796 3780 AmdK8 - ok
09:42:10.0811 3780 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:42:10.0811 3780 AmdPPM - ok
09:42:10.0827 3780 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:42:10.0827 3780 amdsata - ok
09:42:10.0843 3780 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:42:10.0843 3780 amdsbs - ok
09:42:10.0858 3780 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:42:10.0858 3780 amdxata - ok
09:42:10.0874 3780 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
09:42:10.0874 3780 AppID - ok
09:42:10.0889 3780 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:42:10.0889 3780 AppIDSvc - ok
09:42:10.0905 3780 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
09:42:10.0905 3780 Appinfo - ok
09:42:10.0921 3780 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
09:42:10.0936 3780 AppMgmt - ok
09:42:10.0952 3780 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
09:42:10.0952 3780 arc - ok
09:42:10.0967 3780 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:42:10.0967 3780 arcsas - ok
09:42:11.0014 3780 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:42:11.0045 3780 AsyncMac - ok
09:42:11.0077 3780 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
09:42:11.0077 3780 atapi - ok
09:42:11.0155 3780 [ 13C1C7EA14691EE53D8A27AACC028E54 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:42:11.0217 3780 atikmdag - ok
09:42:11.0233 3780 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:42:11.0233 3780 AudioEndpointBuilder - ok
09:42:11.0248 3780 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:42:11.0248 3780 Audiosrv - ok
09:42:11.0264 3780 AVFSFilter - ok
09:42:11.0279 3780 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:42:11.0279 3780 AxInstSV - ok
09:42:11.0311 3780 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
09:42:11.0311 3780 b06bdrv - ok
09:42:11.0342 3780 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:42:11.0342 3780 b57nd60x - ok
09:42:11.0357 3780 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:42:11.0357 3780 BDESVC - ok
09:42:11.0373 3780 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:42:11.0373 3780 Beep - ok
09:42:11.0404 3780 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
09:42:11.0404 3780 BFE - ok
09:42:11.0420 3780 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:42:11.0420 3780 blbdrive - ok
09:42:11.0435 3780 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:42:11.0435 3780 bowser - ok
09:42:11.0451 3780 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:42:11.0451 3780 BrFiltLo - ok
09:42:11.0467 3780 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:42:11.0467 3780 BrFiltUp - ok
09:42:11.0482 3780 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:42:11.0482 3780 BridgeMP - ok
09:42:11.0513 3780 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
09:42:11.0513 3780 Browser - ok
09:42:11.0545 3780 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:42:11.0545 3780 Brserid - ok
09:42:11.0576 3780 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:42:11.0576 3780 BrSerWdm - ok
09:42:11.0591 3780 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:42:11.0591 3780 BrUsbMdm - ok
09:42:11.0591 3780 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:42:11.0607 3780 BrUsbSer - ok
09:42:11.0607 3780 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:42:11.0607 3780 BTHMODEM - ok
09:42:11.0638 3780 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:42:11.0638 3780 bthserv - ok
09:42:11.0716 3780 catchme - ok
09:42:11.0747 3780 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:42:11.0763 3780 cdfs - ok
09:42:11.0794 3780 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:42:11.0794 3780 cdrom - ok
09:42:11.0810 3780 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:42:11.0810 3780 CertPropSvc - ok
09:42:11.0825 3780 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
09:42:11.0825 3780 circlass - ok
09:42:11.0841 3780 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:42:11.0841 3780 CLFS - ok
09:42:11.0888 3780 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:42:11.0888 3780 clr_optimization_v2.0.50727_32 - ok
09:42:11.0935 3780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:42:11.0935 3780 clr_optimization_v4.0.30319_32 - ok
09:42:11.0966 3780 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:42:11.0966 3780 CmBatt - ok
09:42:11.0966 3780 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:42:11.0966 3780 cmdide - ok
09:42:11.0997 3780 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
09:42:12.0013 3780 CNG - ok
09:42:12.0028 3780 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:42:12.0028 3780 Compbatt - ok
09:42:12.0028 3780 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:42:12.0028 3780 CompositeBus - ok
09:42:12.0044 3780 COMSysApp - ok
09:42:12.0044 3780 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:42:12.0044 3780 crcdisk - ok
09:42:12.0091 3780 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:42:12.0091 3780 CryptSvc - ok
09:42:12.0122 3780 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
09:42:12.0122 3780 CSC - ok
09:42:12.0137 3780 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
09:42:12.0153 3780 CscService - ok
09:42:12.0184 3780 [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv C:\Program Files\Creative\Shared Files\CTDevSrv.exe
09:42:12.0184 3780 CTDevice_Srv - ok
09:42:12.0200 3780 [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
09:42:12.0200 3780 CTUPnPSv - ok
09:42:12.0231 3780 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:42:12.0247 3780 DcomLaunch - ok
09:42:12.0262 3780 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:42:12.0262 3780 defragsvc - ok
09:42:12.0278 3780 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:42:12.0293 3780 DfsC - ok
09:42:12.0309 3780 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:42:12.0309 3780 Dhcp - ok
09:42:12.0325 3780 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:42:12.0325 3780 discache - ok
09:42:12.0356 3780 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
09:42:12.0356 3780 Disk - ok
09:42:12.0371 3780 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
09:42:12.0371 3780 dmvsc - ok
09:42:12.0403 3780 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:42:12.0403 3780 Dnscache - ok
09:42:12.0418 3780 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:42:12.0418 3780 dot3svc - ok
09:42:12.0449 3780 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
09:42:12.0449 3780 Dot4 - ok
09:42:12.0481 3780 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:42:12.0481 3780 Dot4Print - ok
09:42:12.0496 3780 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
09:42:12.0512 3780 dot4usb - ok
09:42:12.0512 3780 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:42:12.0512 3780 DPS - ok
09:42:12.0543 3780 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:42:12.0543 3780 drmkaud - ok
09:42:12.0574 3780 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:42:12.0574 3780 DXGKrnl - ok
09:42:12.0590 3780 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:42:12.0590 3780 EapHost - ok
09:42:12.0652 3780 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
09:42:12.0668 3780 ebdrv - ok
09:42:12.0699 3780 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:42:12.0699 3780 EFS - ok
09:42:12.0730 3780 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:42:12.0746 3780 ehRecvr - ok
09:42:12.0761 3780 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:42:12.0761 3780 ehSched - ok
09:42:12.0777 3780 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:42:12.0777 3780 elxstor - ok
09:42:12.0793 3780 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:42:12.0793 3780 ErrDev - ok
09:42:12.0824 3780 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:42:12.0824 3780 EventSystem - ok
09:42:12.0839 3780 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:42:12.0839 3780 exfat - ok
09:42:12.0855 3780 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:42:12.0855 3780 fastfat - ok
09:42:12.0886 3780 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
09:42:12.0886 3780 Fax - ok
09:42:12.0886 3780 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
09:42:12.0886 3780 fdc - ok
09:42:12.0902 3780 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:42:12.0902 3780 fdPHost - ok
09:42:12.0902 3780 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:42:12.0917 3780 FDResPub - ok
09:42:12.0917 3780 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:42:12.0917 3780 FileInfo - ok
09:42:12.0933 3780 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:42:12.0933 3780 Filetrace - ok
09:42:12.0933 3780 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:42:12.0933 3780 flpydisk - ok
09:42:12.0949 3780 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:42:12.0949 3780 FltMgr - ok
09:42:12.0980 3780 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:42:12.0980 3780 FontCache - ok
09:42:13.0027 3780 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:42:13.0027 3780 FontCache3.0.0.0 - ok
09:42:13.0027 3780 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:42:13.0027 3780 FsDepends - ok
09:42:13.0042 3780 FSES - ok
09:42:13.0058 3780 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:42:13.0058 3780 Fs_Rec - ok
09:42:13.0073 3780 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:42:13.0073 3780 fvevol - ok
09:42:13.0089 3780 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:42:13.0089 3780 gagp30kx - ok
09:42:13.0120 3780 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:42:13.0136 3780 gpsvc - ok
09:42:13.0136 3780 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:42:13.0136 3780 hcw85cir - ok
09:42:13.0151 3780 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:42:13.0167 3780 HdAudAddService - ok
09:42:13.0183 3780 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:42:13.0183 3780 HDAudBus - ok
09:42:13.0183 3780 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:42:13.0183 3780 HidBatt - ok
09:42:13.0198 3780 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:42:13.0198 3780 HidBth - ok
09:42:13.0214 3780 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:42:13.0214 3780 HidIr - ok
09:42:13.0229 3780 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
09:42:13.0229 3780 hidserv - ok
09:42:13.0245 3780 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:42:13.0245 3780 HidUsb - ok
09:42:13.0261 3780 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:42:13.0261 3780 hkmsvc - ok
09:42:13.0276 3780 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:42:13.0276 3780 HomeGroupListener - ok
09:42:13.0307 3780 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:42:13.0307 3780 HomeGroupProvider - ok
09:42:13.0370 3780 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:42:13.0385 3780 hpqcxs08 - ok
09:42:13.0401 3780 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:42:13.0401 3780 hpqddsvc - ok
09:42:13.0417 3780 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:42:13.0417 3780 HpSAMD - ok
09:42:13.0448 3780 [ 79737E0F7D25DE8405CB34D4C9882253 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
09:42:13.0448 3780 HPSLPSVC - ok
09:42:13.0463 3780 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:42:13.0479 3780 HTTP - ok
09:42:13.0495 3780 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:42:13.0495 3780 hwpolicy - ok
09:42:13.0510 3780 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:42:13.0510 3780 i8042prt - ok
09:42:13.0541 3780 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:42:13.0557 3780 iaStorV - ok
09:42:13.0619 3780 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:42:13.0635 3780 idsvc - ok
09:42:13.0635 3780 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:42:13.0635 3780 iirsp - ok
09:42:13.0682 3780 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:42:13.0682 3780 IKEEXT - ok
09:42:13.0697 3780 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:42:13.0697 3780 intelide - ok
09:42:13.0729 3780 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
09:42:13.0729 3780 intelppm - ok
09:42:13.0744 3780 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:42:13.0744 3780 IPBusEnum - ok
09:42:13.0744 3780 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:42:13.0744 3780 IpFilterDriver - ok
09:42:13.0791 3780 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:42:13.0807 3780 iphlpsvc - ok
09:42:13.0822 3780 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:42:13.0822 3780 IPMIDRV - ok
09:42:13.0838 3780 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:42:13.0838 3780 IPNAT - ok
09:42:13.0853 3780 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:42:13.0853 3780 IRENUM - ok
09:42:13.0869 3780 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:42:13.0869 3780 isapnp - ok
09:42:13.0885 3780 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:42:13.0885 3780 iScsiPrt - ok
09:42:13.0916 3780 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:42:13.0916 3780 kbdclass - ok
09:42:13.0916 3780 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:42:13.0916 3780 kbdhid - ok
09:42:13.0931 3780 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:42:13.0931 3780 KeyIso - ok
09:42:13.0963 3780 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:42:13.0963 3780 KSecDD - ok
09:42:13.0963 3780 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:42:13.0978 3780 KSecPkg - ok
09:42:13.0994 3780 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:42:14.0009 3780 KtmRm - ok
09:42:14.0041 3780 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:42:14.0056 3780 LanmanServer - ok
09:42:14.0072 3780 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:42:14.0072 3780 LanmanWorkstation - ok
09:42:14.0087 3780 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:42:14.0087 3780 lltdio - ok
09:42:14.0119 3780 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:42:14.0119 3780 lltdsvc - ok
09:42:14.0134 3780 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:42:14.0134 3780 lmhosts - ok
09:42:14.0150 3780 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:42:14.0165 3780 LSI_FC - ok
09:42:14.0165 3780 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:42:14.0165 3780 LSI_SAS - ok
09:42:14.0181 3780 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:42:14.0181 3780 LSI_SAS2 - ok
09:42:14.0197 3780 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:42:14.0197 3780 LSI_SCSI - ok
09:42:14.0197 3780 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:42:14.0197 3780 luafv - ok
09:42:14.0228 3780 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:42:14.0228 3780 Mcx2Svc - ok
09:42:14.0243 3780 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
09:42:14.0243 3780 megasas - ok
09:42:14.0259 3780 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:42:14.0259 3780 MegaSR - ok
09:42:14.0306 3780 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:42:14.0306 3780 Microsoft Office Groove Audit Service - ok
09:42:14.0337 3780 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:42:14.0337 3780 MMCSS - ok
09:42:14.0353 3780 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:42:14.0353 3780 Modem - ok
09:42:14.0368 3780 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:42:14.0368 3780 monitor - ok
09:42:14.0368 3780 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:42:14.0368 3780 mouclass - ok
09:42:14.0399 3780 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:42:14.0399 3780 mouhid - ok
09:42:14.0415 3780 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:42:14.0415 3780 mountmgr - ok
09:42:14.0477 3780 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:42:14.0477 3780 MozillaMaintenance - ok
09:42:14.0509 3780 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:42:14.0509 3780 mpio - ok
09:42:14.0524 3780 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:42:14.0524 3780 mpsdrv - ok
09:42:14.0555 3780 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:42:14.0555 3780 MpsSvc - ok
09:42:14.0571 3780 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:42:14.0571 3780 MRxDAV - ok
09:42:14.0602 3780 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:42:14.0602 3780 mrxsmb - ok
09:42:14.0633 3780 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:42:14.0633 3780 mrxsmb10 - ok
09:42:14.0649 3780 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:42:14.0649 3780 mrxsmb20 - ok
09:42:14.0665 3780 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:42:14.0665 3780 msahci - ok
09:42:14.0680 3780 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:42:14.0680 3780 msdsm - ok
09:42:14.0696 3780 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:42:14.0696 3780 MSDTC - ok
09:42:14.0711 3780 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:42:14.0711 3780 Msfs - ok
09:42:14.0727 3780 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:42:14.0727 3780 mshidkmdf - ok
09:42:14.0727 3780 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:42:14.0743 3780 msisadrv - ok
09:42:14.0758 3780 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:42:14.0758 3780 MSiSCSI - ok
09:42:14.0774 3780 msiserver - ok
09:42:14.0789 3780 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:42:14.0789 3780 MSKSSRV - ok
09:42:14.0789 3780 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:42:14.0805 3780 MSPCLOCK - ok
09:42:14.0805 3780 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:42:14.0805 3780 MSPQM - ok
09:42:14.0821 3780 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:42:14.0821 3780 MsRPC - ok
09:42:14.0836 3780 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:42:14.0836 3780 mssmbios - ok
09:42:14.0852 3780 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:42:14.0852 3780 MSTEE - ok
09:42:14.0852 3780 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:42:14.0867 3780 MTConfig - ok
09:42:14.0883 3780 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
09:42:14.0883 3780 MTsensor - ok
09:42:14.0899 3780 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:42:14.0899 3780 Mup - ok
09:42:14.0914 3780 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:42:14.0914 3780 napagent - ok
09:42:14.0945 3780 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:42:14.0945 3780 NativeWifiP - ok
09:42:14.0992 3780 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
09:42:14.0992 3780 NAUpdate - ok
09:42:15.0023 3780 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:42:15.0039 3780 NDIS - ok
09:42:15.0055 3780 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:42:15.0055 3780 NdisCap - ok
09:42:15.0070 3780 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:42:15.0070 3780 NdisTapi - ok
09:42:15.0086 3780 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:42:15.0086 3780 Ndisuio - ok
09:42:15.0086 3780 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:42:15.0101 3780 NdisWan - ok
09:42:15.0101 3780 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:42:15.0101 3780 NDProxy - ok
09:42:15.0148 3780 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:42:15.0164 3780 Net Driver HPZ12 - ok
09:42:15.0179 3780 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:42:15.0179 3780 NetBIOS - ok
09:42:15.0195 3780 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:42:15.0211 3780 NetBT - ok
09:42:15.0211 3780 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:42:15.0226 3780 Netlogon - ok
09:42:15.0257 3780 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:42:15.0257 3780 Netman - ok
09:42:15.0257 3780 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:42:15.0273 3780 netprofm - ok
09:42:15.0289 3780 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:42:15.0289 3780 NetTcpPortSharing - ok
09:42:15.0304 3780 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:42:15.0304 3780 nfrd960 - ok
09:42:15.0320 3780 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:42:15.0320 3780 NlaSvc - ok
09:42:15.0335 3780 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:42:15.0335 3780 Npfs - ok
09:42:15.0351 3780 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:42:15.0351 3780 nsi - ok
09:42:15.0367 3780 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:42:15.0367 3780 nsiproxy - ok
09:42:15.0398 3780 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:42:15.0413 3780 Ntfs - ok
09:42:15.0429 3780 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:42:15.0429 3780 Null - ok
09:42:15.0445 3780 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:42:15.0445 3780 nvraid - ok
09:42:15.0476 3780 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:42:15.0476 3780 nvstor - ok
09:42:15.0491 3780 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:42:15.0491 3780 nv_agp - ok
09:42:15.0538 3780 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:42:15.0538 3780 odserv - ok
09:42:15.0569 3780 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:42:15.0569 3780 ohci1394 - ok
09:42:15.0601 3780 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:42:15.0601 3780 ose - ok
09:42:15.0632 3780 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:42:15.0632 3780 p2pimsvc - ok
09:42:15.0647 3780 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:42:15.0663 3780 p2psvc - ok
09:42:15.0679 3780 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:42:15.0679 3780 Parport - ok
09:42:15.0710 3780 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:42:15.0710 3780 partmgr - ok
09:42:15.0725 3780 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:42:15.0725 3780 Parvdm - ok
09:42:15.0757 3780 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:42:15.0757 3780 PcaSvc - ok
09:42:15.0772 3780 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:42:15.0772 3780 pci - ok
09:42:15.0788 3780 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:42:15.0788 3780 pciide - ok
09:42:15.0803 3780 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:42:15.0803 3780 pcmcia - ok
09:42:15.0819 3780 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:42:15.0819 3780 pcw - ok
09:42:15.0850 3780 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:42:15.0866 3780 PEAUTH - ok
09:42:15.0913 3780 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:42:15.0928 3780 PeerDistSvc - ok
09:42:15.0959 3780 [ 4A108CC9CC0E0605E68CCE7021479879 ] PenClass C:\Windows\system32\Drivers\PenClass.sys
09:42:15.0959 3780 PenClass - ok
09:42:16.0006 3780 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:42:16.0022 3780 pla - ok
09:42:16.0069 3780 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:42:16.0084 3780 PlugPlay - ok
09:42:16.0100 3780 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:42:16.0100 3780 Pml Driver HPZ12 - ok
09:42:16.0115 3780 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:42:16.0115 3780 PNRPAutoReg - ok
09:42:16.0131 3780 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:42:16.0131 3780 PNRPsvc - ok
09:42:16.0147 3780 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:42:16.0162 3780 PolicyAgent - ok
09:42:16.0178 3780 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:42:16.0193 3780 Power - ok
09:42:16.0209 3780 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:42:16.0209 3780 PptpMiniport - ok
09:42:16.0209 3780 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
09:42:16.0225 3780 Processor - ok
09:42:16.0240 3780 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:42:16.0256 3780 ProfSvc - ok
09:42:16.0256 3780 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:42:16.0256 3780 ProtectedStorage - ok
09:42:16.0287 3780 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:42:16.0287 3780 Psched - ok
09:42:16.0318 3780 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:42:16.0318 3780 ql2300 - ok
09:42:16.0334 3780 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:42:16.0334 3780 ql40xx - ok
09:42:16.0349 3780 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:42:16.0365 3780 QWAVE - ok
09:42:16.0365 3780 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:42:16.0365 3780 QWAVEdrv - ok
09:42:16.0381 3780 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:42:16.0381 3780 RasAcd - ok
09:42:16.0396 3780 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:42:16.0396 3780 RasAgileVpn - ok
09:42:16.0412 3780 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:42:16.0427 3780 RasAuto - ok
09:42:16.0427 3780 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:42:16.0427 3780 Rasl2tp - ok
09:42:16.0443 3780 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:42:16.0443 3780 RasMan - ok
09:42:16.0459 3780 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:42:16.0459 3780 RasPppoe - ok
09:42:16.0474 3780 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:42:16.0474 3780 RasSstp - ok
09:42:16.0474 3780 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:42:16.0474 3780 rdbss - ok
09:42:16.0490 3780 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:42:16.0490 3780 rdpbus - ok
09:42:16.0505 3780 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:42:16.0505 3780 RDPCDD - ok
09:42:16.0521 3780 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:42:16.0521 3780 RDPDR - ok
09:42:16.0552 3780 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:42:16.0552 3780 RDPENCDD - ok
09:42:16.0568 3780 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:42:16.0568 3780 RDPREFMP - ok
09:42:16.0599 3780 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:42:16.0599 3780 RdpVideoMiniport - ok
09:42:16.0615 3780 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:42:16.0615 3780 RDPWD - ok
09:42:16.0646 3780 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:42:16.0646 3780 rdyboost - ok
09:42:16.0661 3780 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:42:16.0661 3780 RemoteAccess - ok
09:42:16.0677 3780 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:42:16.0677 3780 RemoteRegistry - ok
09:42:16.0693 3780 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:42:16.0693 3780 RpcEptMapper - ok
09:42:16.0708 3780 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:42:16.0708 3780 RpcLocator - ok
09:42:16.0724 3780 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:42:16.0724 3780 RpcSs - ok
09:42:16.0739 3780 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:42:16.0739 3780 rspndr - ok
09:42:16.0771 3780 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
09:42:16.0771 3780 RTL8167 - ok
09:42:16.0802 3780 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:42:16.0802 3780 s3cap - ok
09:42:16.0817 3780 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:42:16.0817 3780 SamSs - ok
09:42:16.0849 3780 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:42:16.0849 3780 sbp2port - ok
09:42:16.0864 3780 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:42:16.0864 3780 SCardSvr - ok
09:42:16.0864 3780 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:42:16.0864 3780 scfilter - ok
09:42:16.0895 3780 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:42:16.0895 3780 Schedule - ok
09:42:16.0911 3780 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:42:16.0911 3780 SCPolicySvc - ok
09:42:16.0911 3780 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:42:16.0911 3780 SDRSVC - ok
09:42:16.0927 3780 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:42:16.0927 3780 secdrv - ok
09:42:16.0942 3780 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:42:16.0942 3780 seclogon - ok
09:42:16.0942 3780 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:42:16.0942 3780 SENS - ok
09:42:16.0958 3780 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:42:16.0958 3780 SensrSvc - ok
09:42:16.0958 3780 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:42:16.0958 3780 Serenum - ok
09:42:16.0973 3780 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:42:16.0973 3780 Serial - ok
09:42:16.0989 3780 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:42:16.0989 3780 sermouse - ok
09:42:17.0020 3780 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:42:17.0020 3780 SessionEnv - ok
09:42:17.0020 3780 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:42:17.0020 3780 sffdisk - ok
09:42:17.0020 3780 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:42:17.0020 3780 sffp_mmc - ok
09:42:17.0036 3780 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:42:17.0036 3780 sffp_sd - ok
09:42:17.0036 3780 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:42:17.0036 3780 sfloppy - ok
09:42:17.0083 3780 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:42:17.0098 3780 SharedAccess - ok
09:42:17.0114 3780 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:42:17.0129 3780 ShellHWDetection - ok
09:42:17.0129 3780 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:42:17.0129 3780 sisagp - ok
09:42:17.0145 3780 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:42:17.0145 3780 SiSRaid2 - ok
09:42:17.0176 3780 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:42:17.0176 3780 SiSRaid4 - ok
09:42:17.0223 3780 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:42:17.0223 3780 SkypeUpdate - ok
09:42:17.0239 3780 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:42:17.0239 3780 Smb - ok
09:42:17.0254 3780 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:42:17.0254 3780 SNMPTRAP - ok
09:42:17.0270 3780 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:42:17.0270 3780 spldr - ok
09:42:17.0301 3780 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:42:17.0301 3780 Spooler - ok
09:42:17.0348 3780 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:42:17.0363 3780 sppsvc - ok
09:42:17.0379 3780 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:42:17.0379 3780 sppuinotify - ok
09:42:17.0410 3780 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:42:17.0410 3780 srv - ok
09:42:17.0426 3780 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:42:17.0426 3780 srv2 - ok
09:42:17.0441 3780 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:42:17.0441 3780 srvnet - ok
09:42:17.0457 3780 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:42:17.0457 3780 SSDPSRV - ok
09:42:17.0473 3780 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:42:17.0473 3780 SstpSvc - ok
09:42:17.0488 3780 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:42:17.0488 3780 stexstor - ok
09:42:17.0519 3780 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:42:17.0519 3780 StiSvc - ok
09:42:17.0535 3780 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:42:17.0551 3780 storflt - ok
09:42:17.0582 3780 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:42:17.0582 3780 storvsc - ok
09:42:17.0597 3780 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:42:17.0597 3780 swenum - ok
09:42:17.0613 3780 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:42:17.0629 3780 swprv - ok
09:42:17.0644 3780 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
09:42:17.0644 3780 Synth3dVsc - ok
09:42:17.0660 3780 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:42:17.0675 3780 SysMain - ok
09:42:17.0691 3780 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:42:17.0691 3780 TabletInputService - ok
09:42:17.0863 3780 [ 304CE920C3145BB8EA06AA25E903368A ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
09:42:17.0894 3780 TabletServiceWacom - ok
09:42:17.0925 3780 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:42:17.0925 3780 TapiSrv - ok
09:42:17.0941 3780 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:42:17.0941 3780 TBS - ok
09:42:17.0972 3780 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:42:17.0987 3780 Tcpip - ok
09:42:18.0003 3780 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:42:18.0003 3780 TCPIP6 - ok
09:42:18.0019 3780 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:42:18.0019 3780 tcpipreg - ok
09:42:18.0034 3780 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:42:18.0034 3780 TDPIPE - ok
09:42:18.0065 3780 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:42:18.0065 3780 TDTCP - ok
09:42:18.0081 3780 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:42:18.0081 3780 tdx - ok
09:42:18.0081 3780 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:42:18.0097 3780 TermDD - ok
09:42:18.0097 3780 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
09:42:18.0097 3780 terminpt - ok
09:42:18.0112 3780 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:42:18.0112 3780 TermService - ok
09:42:18.0128 3780 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:42:18.0143 3780 Themes - ok
09:42:18.0143 3780 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:42:18.0143 3780 THREADORDER - ok
09:42:18.0175 3780 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:42:18.0175 3780 TrkWks - ok
09:42:18.0221 3780 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:42:18.0237 3780 TrustedInstaller - ok
09:42:18.0253 3780 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:42:18.0253 3780 tssecsrv - ok
09:42:18.0268 3780 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:42:18.0268 3780 TsUsbFlt - ok
09:42:18.0268 3780 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:42:18.0284 3780 TsUsbGD - ok
09:42:18.0284 3780 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
09:42:18.0284 3780 tsusbhub - ok
09:42:18.0299 3780 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:42:18.0299 3780 tunnel - ok
09:42:18.0331 3780 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:42:18.0331 3780 uagp35 - ok
09:42:18.0346 3780 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:42:18.0346 3780 udfs - ok
09:42:18.0362 3780 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:42:18.0362 3780 UI0Detect - ok
09:42:18.0362 3780 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:42:18.0362 3780 uliagpkx - ok
09:42:18.0393 3780 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:42:18.0393 3780 umbus - ok
09:42:18.0393 3780 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
09:42:18.0393 3780 UmPass - ok
09:42:18.0424 3780 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
09:42:18.0424 3780 UmRdpService - ok
09:42:18.0455 3780 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:42:18.0455 3780 upnphost - ok
09:42:18.0471 3780 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:42:18.0471 3780 usbccgp - ok
09:42:18.0487 3780 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:42:18.0487 3780 usbcir - ok
09:42:18.0518 3780 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:42:18.0518 3780 usbehci - ok
09:42:18.0533 3780 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:42:18.0549 3780 usbhub - ok
09:42:18.0565 3780 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:42:18.0565 3780 usbohci - ok
09:42:18.0580 3780 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:42:18.0580 3780 usbprint - ok
09:42:18.0596 3780 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:42:18.0596 3780 usbscan - ok
09:42:18.0627 3780 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:42:18.0627 3780 USBSTOR - ok
09:42:18.0658 3780 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:42:18.0658 3780 usbuhci - ok
09:42:18.0658 3780 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:42:18.0674 3780 UxSms - ok
09:42:18.0674 3780 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:42:18.0674 3780 VaultSvc - ok
09:42:18.0689 3780 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:42:18.0689 3780 vdrvroot - ok
09:42:18.0721 3780 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:42:18.0721 3780 vds - ok
09:42:18.0736 3780 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:42:18.0736 3780 vga - ok
09:42:18.0736 3780 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:42:18.0736 3780 VgaSave - ok
09:42:18.0752 3780 VGPU - ok
09:42:18.0767 3780 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:42:18.0767 3780 vhdmp - ok
09:42:18.0783 3780 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:42:18.0783 3780 viaagp - ok
09:42:18.0783 3780 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:42:18.0783 3780 ViaC7 - ok
09:42:18.0799 3780 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:42:18.0799 3780 viaide - ok
09:42:18.0814 3780 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:42:18.0814 3780 vmbus - ok
09:42:18.0830 3780 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:42:18.0830 3780 VMBusHID - ok
09:42:18.0830 3780 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:42:18.0830 3780 volmgr - ok
09:42:18.0845 3780 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:42:18.0845 3780 volmgrx - ok
09:42:18.0861 3780 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:42:18.0861 3780 volsnap - ok
09:42:19.0922 3780 ================ Scan global ===============================
09:42:19.0953 3780 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:42:19.0969 3780 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:42:19.0969 3780 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:42:20.0000 3780 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:42:20.0015 3780 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:42:20.0031 3780 [Global] - ok
09:42:20.0031 3780 ================ Scan MBR ==================================
09:42:20.0031 3780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:42:20.0327 3780 \Device\Harddisk0\DR0 - ok
09:42:20.0327 3780 ================ Scan VBR ==================================
09:42:20.0327 3780 [ 75D523FC7BE23A6F97EE925BA671F079 ] \Device\Harddisk0\DR0\Partition1
09:42:20.0327 3780 \Device\Harddisk0\DR0\Partition1 - ok
09:42:20.0343 3780 [ 95FAE4C443207004B3BAA8EE2FAC35AE ] \Device\Harddisk0\DR0\Partition2
09:42:20.0343 3780 \Device\Harddisk0\DR0\Partition2 - ok
09:42:20.0343 3780 ============================================================
09:42:20.0343 3780 Scan finished
09:42:20.0343 3780 ============================================================
09:42:20.0359 3916 Detected object count: 0
09:42:20.0359 3916 Actual detected object count: 0
09:42:44.0149 3364 ============================================================
09:42:44.0149 3364 Scan started
09:42:44.0149 3364 Mode: Manual;
09:42:44.0149 3364 ============================================================
09:42:44.0305 3364 ================ Scan system memory ========================
09:42:44.0305 3364 System memory - ok
09:42:44.0305 3364 ================ Scan services =============================
09:42:48.0407 3364 nsi - ok
09:42:48.0407 3364 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:42:48.0407 3364 nsiproxy - ok
09:42:48.0454 3364 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:42:48.0454 3364 Ntfs - ok
09:42:48.0454 3364 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:42:48.0454 3364 Null - ok
09:42:48.0470 3364 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:42:48.0470 3364 nvraid - ok
09:42:48.0501 3364 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:42:48.0501 3364 nvstor - ok
09:42:48.0501 3364 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:42:48.0501 3364 nv_agp - ok
09:42:48.0548 3364 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:42:48.0548 3364 odserv - ok
09:42:48.0563 3364 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:42:48.0563 3364 ohci1394 - ok
09:42:48.0595 3364 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:42:48.0595 3364 ose - ok
09:42:48.0610 3364 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:42:48.0610 3364 p2pimsvc - ok
09:42:48.0626 3364 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:42:48.0626 3364 p2psvc - ok
09:42:48.0641 3364 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:42:48.0641 3364 Parport - ok
09:42:48.0673 3364 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:42:48.0673 3364 partmgr - ok
09:42:48.0688 3364 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:42:48.0688 3364 Parvdm - ok
09:42:48.0688 3364 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:42:48.0688 3364 PcaSvc - ok
09:42:48.0704 3364 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:42:48.0704 3364 pci - ok
09:42:48.0719 3364 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:42:48.0719 3364 pciide - ok
09:42:48.0735 3364 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:42:48.0735 3364 pcmcia - ok
09:42:48.0751 3364 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:42:48.0751 3364 pcw - ok
09:42:48.0766 3364 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:42:48.0782 3364 PEAUTH - ok
09:42:48.0813 3364 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:42:48.0813 3364 PeerDistSvc - ok
09:42:48.0829 3364 [ 4A108CC9CC0E0605E68CCE7021479879 ] PenClass C:\Windows\system32\Drivers\PenClass.sys
09:42:48.0829 3364 PenClass - ok
09:42:48.0875 3364 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:42:48.0891 3364 pla - ok
09:42:48.0907 3364 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:42:48.0922 3364 PlugPlay - ok
09:42:48.0922 3364 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:42:48.0922 3364 Pml Driver HPZ12 - ok
09:42:48.0938 3364 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:42:48.0938 3364 PNRPAutoReg - ok
09:42:48.0938 3364 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:42:48.0938 3364 PNRPsvc - ok
09:42:48.0969 3364 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:42:48.0969 3364 PolicyAgent - ok
09:42:49.0000 3364 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:42:49.0000 3364 Power - ok
09:42:49.0016 3364 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:42:49.0016 3364 PptpMiniport - ok
09:42:49.0031 3364 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
09:42:49.0031 3364 Processor - ok
09:42:49.0063 3364 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:42:49.0063 3364 ProfSvc - ok
09:42:49.0078 3364 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:42:49.0078 3364 ProtectedStorage - ok
09:42:49.0094 3364 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:42:49.0094 3364 Psched - ok
09:42:49.0125 3364 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:42:49.0141 3364 ql2300 - ok
09:42:49.0156 3364 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:42:49.0156 3364 ql40xx - ok
09:42:49.0172 3364 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:42:49.0172 3364 QWAVE - ok
09:42:49.0172 3364 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:42:49.0172 3364 QWAVEdrv - ok
09:42:49.0187 3364 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:42:49.0187 3364 RasAcd - ok
09:42:49.0219 3364 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:42:49.0219 3364 RasAgileVpn - ok
09:42:49.0219 3364 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:42:49.0219 3364 RasAuto - ok
09:42:49.0234 3364 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:42:49.0234 3364 Rasl2tp - ok
09:42:49.0250 3364 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:42:49.0250 3364 RasMan - ok
09:42:49.0265 3364 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:42:49.0265 3364 RasPppoe - ok
09:42:49.0265 3364 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:42:49.0265 3364 RasSstp - ok
09:42:49.0281 3364 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:42:49.0281 3364 rdbss - ok
09:42:49.0297 3364 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:42:49.0297 3364 rdpbus - ok
09:42:49.0297 3364 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:42:49.0312 3364 RDPCDD - ok
09:42:49.0328 3364 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:42:49.0328 3364 RDPDR - ok
09:42:49.0343 3364 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:42:49.0343 3364 RDPENCDD - ok
09:42:49.0343 3364 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:42:49.0343 3364 RDPREFMP - ok
09:42:49.0359 3364 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:42:49.0359 3364 RdpVideoMiniport - ok
09:42:49.0390 3364 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:42:49.0390 3364 RDPWD - ok
09:42:49.0421 3364 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:42:49.0421 3364 rdyboost - ok
09:42:49.0437 3364 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:42:49.0453 3364 RemoteAccess - ok
09:42:49.0453 3364 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:42:49.0468 3364 RemoteRegistry - ok
09:42:49.0468 3364 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:42:49.0468 3364 RpcEptMapper - ok
09:42:49.0468 3364 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:42:49.0484 3364 RpcLocator - ok
09:42:49.0499 3364 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:42:49.0499 3364 RpcSs - ok
09:42:49.0515 3364 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:42:49.0515 3364 rspndr - ok
09:42:49.0546 3364 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
09:42:49.0546 3364 RTL8167 - ok
09:42:49.0577 3364 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:42:49.0577 3364 s3cap - ok
09:42:49.0593 3364 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:42:49.0593 3364 SamSs - ok
09:42:49.0609 3364 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:42:49.0609 3364 sbp2port - ok
09:42:49.0640 3364 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:42:49.0640 3364 SCardSvr - ok
09:42:49.0655 3364 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:42:49.0655 3364 scfilter - ok
09:42:49.0671 3364 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:42:49.0687 3364 Schedule - ok
09:42:49.0687 3364 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:42:49.0687 3364 SCPolicySvc - ok
09:42:49.0702 3364 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:42:49.0718 3364 SDRSVC - ok
09:42:49.0718 3364 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:42:49.0718 3364 secdrv - ok
09:42:49.0733 3364 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:42:49.0733 3364 seclogon - ok
09:42:49.0749 3364 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:42:49.0749 3364 SENS - ok
09:42:49.0765 3364 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:42:49.0765 3364 SensrSvc - ok
09:42:49.0780 3364 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:42:49.0780 3364 Serenum - ok
09:42:49.0780 3364 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:42:49.0780 3364 Serial - ok
09:42:49.0796 3364 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:42:49.0796 3364 sermouse - ok
09:42:49.0811 3364 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:42:49.0811 3364 SessionEnv - ok
09:42:49.0827 3364 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:42:49.0827 3364 sffdisk - ok
09:42:49.0827 3364 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:42:49.0827 3364 sffp_mmc - ok
09:42:49.0843 3364 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:42:49.0843 3364 sffp_sd - ok
09:42:49.0843 3364 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:42:49.0843 3364 sfloppy - ok
09:42:49.0858 3364 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:42:49.0858 3364 SharedAccess - ok
09:42:49.0889 3364 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:42:49.0889 3364 ShellHWDetection - ok
09:42:49.0889 3364 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:42:49.0889 3364 sisagp - ok
09:42:49.0905 3364 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:42:49.0905 3364 SiSRaid2 - ok
09:42:49.0921 3364 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:42:49.0921 3364 SiSRaid4 - ok
09:42:49.0952 3364 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:42:49.0952 3364 SkypeUpdate - ok
09:42:49.0952 3364 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:42:49.0952 3364 Smb - ok
09:42:49.0983 3364 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:42:49.0983 3364 SNMPTRAP - ok
09:42:49.0999 3364 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:42:49.0999 3364 spldr - ok
09:42:50.0030 3364 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:42:50.0045 3364 Spooler - ok
09:42:50.0108 3364 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:42:50.0123 3364 sppsvc - ok
09:42:50.0139 3364 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:42:50.0139 3364 sppuinotify - ok
09:42:50.0170 3364 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:42:50.0170 3364 srv - ok
09:42:50.0201 3364 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:42:50.0201 3364 srv2 - ok
09:42:50.0217 3364 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:42:50.0233 3364 srvnet - ok
09:42:50.0264 3364 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:42:50.0264 3364 SSDPSRV - ok
09:42:50.0279 3364 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:42:50.0295 3364 SstpSvc - ok
09:42:50.0311 3364 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:42:50.0311 3364 stexstor - ok
09:42:50.0326 3364 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:42:50.0342 3364 StiSvc - ok
09:42:50.0357 3364 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:42:50.0357 3364 storflt - ok
09:42:50.0373 3364 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:42:50.0373 3364 storvsc - ok
09:42:50.0389 3364 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:42:50.0389 3364 swenum - ok
09:42:50.0404 3364 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:42:50.0404 3364 swprv - ok
09:42:50.0420 3364 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
09:42:50.0420 3364 Synth3dVsc - ok
09:42:50.0435 3364 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:42:50.0451 3364 SysMain - ok
09:42:50.0467 3364 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:42:50.0467 3364 TabletInputService - ok
09:42:50.0623 3364 [ 304CE920C3145BB8EA06AA25E903368A ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
09:42:50.0638 3364 TabletServiceWacom - ok
09:42:50.0654 3364 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:42:50.0654 3364 TapiSrv - ok
09:42:50.0669 3364 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:42:50.0669 3364 TBS - ok
09:42:50.0732 3364 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:42:50.0747 3364 Tcpip - ok
09:42:50.0763 3364 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:42:50.0763 3364 TCPIP6 - ok
09:42:50.0779 3364 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:42:50.0779 3364 tcpipreg - ok
09:42:50.0810 3364 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:42:50.0810 3364 TDPIPE - ok
09:42:50.0825 3364 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:42:50.0825 3364 TDTCP - ok
09:42:50.0841 3364 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:42:50.0841 3364 tdx - ok
09:42:50.0857 3364 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:42:50.0857 3364 TermDD - ok
09:42:50.0872 3364 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
09:42:50.0872 3364 terminpt - ok
09:42:50.0872 3364 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:42:50.0888 3364 TermService - ok
09:42:50.0903 3364 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:42:50.0903 3364 Themes - ok
09:42:50.0919 3364 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:42:50.0919 3364 THREADORDER - ok
09:42:50.0935 3364 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:42:50.0935 3364 TrkWks - ok
09:42:50.0981 3364 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:42:50.0997 3364 TrustedInstaller - ok
09:42:51.0013 3364 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:42:51.0013 3364 tssecsrv - ok
09:42:51.0028 3364 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:42:51.0044 3364 TsUsbFlt - ok
09:42:51.0059 3364 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:42:51.0059 3364 TsUsbGD - ok
09:42:51.0059 3364 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
09:42:51.0059 3364 tsusbhub - ok
09:42:51.0075 3364 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:42:51.0075 3364 tunnel - ok
09:42:51.0091 3364 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:42:51.0091 3364 uagp35 - ok
09:42:51.0106 3364 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:42:51.0106 3364 udfs - ok
09:42:51.0122 3364 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:42:51.0122 3364 UI0Detect - ok
09:42:51.0137 3364 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:42:51.0137 3364 uliagpkx - ok
09:42:51.0137 3364 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:42:51.0137 3364 umbus - ok
09:42:51.0153 3364 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
09:42:51.0153 3364 UmPass - ok
09:42:51.0184 3364 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
09:42:51.0184 3364 UmRdpService - ok
09:42:51.0200 3364 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:42:51.0200 3364 upnphost - ok
09:42:51.0231 3364 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:42:51.0231 3364 usbccgp - ok
09:42:51.0247 3364 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:42:51.0247 3364 usbcir - ok
09:42:51.0262 3364 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:42:51.0262 3364 usbehci - ok
09:42:51.0278 3364 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:42:51.0278 3364 usbhub - ok
09:42:51.0309 3364 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:42:51.0309 3364 usbohci - ok
09:42:51.0309 3364 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:42:51.0309 3364 usbprint - ok
09:42:51.0340 3364 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:42:51.0340 3364 usbscan - ok
09:42:51.0371 3364 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:42:51.0371 3364 USBSTOR - ok
09:42:51.0403 3364 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:42:51.0403 3364 usbuhci - ok
09:42:51.0418 3364 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:42:51.0434 3364 UxSms - ok
09:42:51.0449 3364 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:42:51.0449 3364 VaultSvc - ok
09:42:51.0465 3364 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:42:51.0465 3364 vdrvroot - ok
09:42:51.0496 3364 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:42:51.0496 3364 vds - ok
09:42:51.0512 3364 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:42:51.0512 3364 vga - ok
09:42:51.0512 3364 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:42:51.0527 3364 VgaSave - ok
09:42:51.0527 3364 VGPU - ok
09:42:51.0543 3364 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:42:51.0543 3364 vhdmp - ok
09:42:51.0559 3364 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:42:51.0559 3364 viaagp - ok
09:42:51.0559 3364 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:42:51.0559 3364 ViaC7 - ok
09:42:51.0574 3364 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:42:51.0574 3364 viaide - ok
09:42:51.0590 3364 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:42:51.0590 3364 vmbus - ok
09:42:51.0605 3364 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:42:51.0605 3364 VMBusHID - ok
09:42:51.0605 3364 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:42:51.0605 3364 volmgr - ok
09:42:51.0637 3364 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:42:51.0637 3364 volmgrx - ok
09:42:51.0652 3364 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:42:51.0652 3364 volsnap - ok
09:42:51.0652 3364 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:42:51.0652 3364 vsmraid - ok
09:42:51.0683 3364 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
09:42:51.0699 3364 VSS - ok
09:42:51.0699 3364 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:42:51.0699 3364 vwifibus - ok
09:42:51.0730 3364 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:42:51.0746 3364 W32Time - ok
09:42:51.0777 3364 [ C3B03ED7B06657A3355F620BC02ACFB6 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
09:42:51.0777 3364 wacmoumonitor - ok
09:42:51.0808 3364 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
09:42:51.0808 3364 wacommousefilter - ok
09:42:51.0808 3364 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:42:51.0808 3364 WacomPen - ok
09:42:51.0839 3364 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
09:42:51.0839 3364 wacomvhid - ok
09:42:51.0839 3364 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:42:51.0839 3364 WANARP - ok
09:42:51.0855 3364 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:42:51.0855 3364 Wanarpv6 - ok
09:42:51.0886 3364 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
09:42:51.0886 3364 wbengine - ok
09:42:51.0902 3364 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:42:51.0902 3364 WbioSrvc - ok
09:42:51.0917 3364 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:42:51.0917 3364 wcncsvc - ok
09:42:51.0933 3364 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:42:51.0933 3364 WcsPlugInService - ok
09:42:51.0949 3364 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
09:42:51.0949 3364 Wd - ok
09:42:51.0964 3364 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:42:51.0964 3364 Wdf01000 - ok
09:42:51.0980 3364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:42:51.0980 3364 WdiServiceHost - ok
09:42:51.0980 3364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:42:51.0980 3364 WdiSystemHost - ok
09:42:51.0995 3364 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
09:42:51.0995 3364 WebClient - ok
09:42:52.0011 3364 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:42:52.0011 3364 Wecsvc - ok
09:42:52.0027 3364 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:42:52.0027 3364 wercplsupport - ok
09:42:52.0042 3364 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:42:52.0042 3364 WerSvc - ok
09:42:52.0042 3364 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:42:52.0042 3364 WfpLwf - ok
09:42:52.0042 3364 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:42:52.0042 3364 WIMMount - ok
09:42:52.0089 3364 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:42:52.0089 3364 WinDefend - ok
09:42:52.0105 3364 WinHttpAutoProxySvc - ok
09:42:52.0151 3364 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:42:52.0151 3364 Winmgmt - ok
09:42:52.0198 3364 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
09:42:52.0214 3364 WinRM - ok
09:42:52.0229 3364 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:42:52.0229 3364 WinUsb - ok
09:42:52.0261 3364 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:42:52.0261 3364 Wlansvc - ok
09:42:52.0354 3364 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:42:52.0370 3364 wlidsvc - ok
09:42:52.0370 3364 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:42:52.0370 3364 WmiAcpi - ok
09:42:52.0385 3364 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:42:52.0385 3364 wmiApSrv - ok
09:42:52.0417 3364 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:42:52.0432 3364 WMPNetworkSvc - ok
09:42:52.0432 3364 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:42:52.0432 3364 WPCSvc - ok
09:42:52.0448 3364 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:42:52.0448 3364 WPDBusEnum - ok
09:42:52.0463 3364 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:42:52.0463 3364 ws2ifsl - ok
09:42:52.0463 3364 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
09:42:52.0463 3364 wscsvc - ok
09:42:52.0479 3364 WSearch - ok
09:42:52.0541 3364 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:42:52.0573 3364 wuauserv - ok
09:42:52.0588 3364 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:42:52.0588 3364 WudfPf - ok
09:42:52.0588 3364 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:42:52.0588 3364 WUDFRd - ok
09:42:52.0604 3364 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:42:52.0604 3364 wudfsvc - ok
09:42:52.0619 3364 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:42:52.0635 3364 WwanSvc - ok
09:42:52.0635 3364 ================ Scan global ===============================
09:42:52.0651 3364 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:42:52.0666 3364 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:42:52.0682 3364 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:42:52.0697 3364 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:42:52.0713 3364 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:42:52.0713 3364 [Global] - ok
09:42:52.0729 3364 ================ Scan MBR ==================================
09:42:52.0729 3364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:42:53.0025 3364 \Device\Harddisk0\DR0 - ok
09:42:53.0025 3364 ================ Scan VBR ==================================
09:42:53.0025 3364 [ 75D523FC7BE23A6F97EE925BA671F079 ] \Device\Harddisk0\DR0\Partition1
09:42:53.0025 3364 \Device\Harddisk0\DR0\Partition1 - ok
09:42:53.0025 3364 [ 95FAE4C443207004B3BAA8EE2FAC35AE ] \Device\Harddisk0\DR0\Partition2
09:42:53.0025 3364 \Device\Harddisk0\DR0\Partition2 - ok
09:42:53.0025 3364 ============================================================
09:42:53.0025 3364 Scan finished
09:42:53.0025 3364 ============================================================
09:42:53.0041 4024 Detected object count: 0
09:42:53.0041 4024 Actual detected object count: 0


aswMBR-log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 09:45:10
-----------------------------
09:45:10.005 OS Version: Windows 6.1.7601 Service Pack 1
09:45:10.005 Number of processors: 2 586 0x603
09:45:10.005 ComputerName: JENNI-PC UserName: Jenni
09:45:18.538 Initialize success
09:48:01.848 AVAST engine defs: 12082501
09:49:37.601 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:49:37.601 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
09:49:37.617 Disk 0 MBR read successfully
09:49:37.632 Disk 0 MBR scan
09:49:37.648 Disk 0 Windows 7 default MBR code
09:49:37.648 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:49:37.664 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
09:49:37.679 Disk 0 scanning sectors +1953521664
09:49:37.726 Disk 0 scanning C:\Windows\system32\drivers
09:49:43.280 Service scanning
09:49:55.728 Modules scanning
09:49:58.427 Disk 0 trace - called modules:
09:49:58.443
09:49:59.738 AVAST engine scan C:\Windows
09:50:02.312 AVAST engine scan C:\Windows\system32
09:51:41.404 AVAST engine scan C:\Windows\system32\drivers
09:51:50.390 AVAST engine scan C:\Users\Jenni
10:01:42.629 AVAST engine scan C:\ProgramData
10:02:51.862 Scan finished successfully
10:09:28.400 Disk 0 MBR has been saved successfully to "C:\Users\Jenni\Desktop\MBR.dat"
10:09:28.400 The log file has been saved successfully to "C:\Users\Jenni\Desktop\aswMBR.txt"

#10 gringo_pr


Posted 26 August 2012 - 04:00 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Zinny-chan


Posted 26 August 2012 - 05:36 AM

ComboFix 12-08-25.04 - Jenni 26.08.2012 13:24:40.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.3326.2491 [GMT 3:00]
Sijainti: c:\users\Jenni\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Jenni\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-26 to 2012-08-26 )))))))))))))))))
.
.
2012-08-26 10:27 . 2012-08-26 10:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\users\Jenni\AppData\Roaming\Malwarebytes
2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 16:00 . 2012-08-25 09:55 -------- d-----w- c:\users\Jenni\AppData\Local\Diagnostics
2012-08-17 15:07 . 2012-08-17 15:37 -------- d-----w- c:\programdata\clp
2012-08-17 12:13 . 2012-08-17 12:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-07 13:26 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BC902D4-C44F-4DC6-87F7-B792AAE0261E}\mpengine.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 12:17 . 2012-04-21 11:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 12:17 . 2011-07-04 14:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 17:59 . 2012-06-06 17:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-14 09:16 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-14 09:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-14 09:16 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 17:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:08 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-22 17:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12 . 2012-06-22 17:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-14 09:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-14 09:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-14 09:16 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-14 09:16 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-14 09:16 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 09:25 . 2011-03-18 15:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 10:04 . 2011-03-23 15:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NAUpdate;Nero-päivitys;c:\program files\Nero\Update\NASvc.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S3 RTL8167;Realtek 8167 NT -ohjain;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - 08903059
*NewlyCreated* - ASWMBR
*Deregistered* - 08903059
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\bmdj0l7d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B15c1b9aa-b0ab-4902-8f20-40835b32cded%7D&mid=6a7deb92337347d18c646de783b9f1fb-024d3321f35be31a9a194dcf3d8958af99c4efd8&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-10%2016%3A32%3A02&sap=ku&q=
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Valmistumisajankohta: 2012-08-26 13:28:38
ComboFix-quarantined-files.txt 2012-08-26 10:28
ComboFix2.txt 2012-08-25 10:58
.
Ennen ajoa: 915 656 093 696 tavua vapaana
Ajon jälkeen: 915 498 078 208 tavua vapaana
.
- - End Of File - - D877A31B324529F82DC3F9DB4F405271


When I opened my computer, it seemed to work normally, but after this latest thing I did to it, again with every program I try to open: "Tried illegal function to registry key, which is marked to be removed."
Should I now restart the computer? ComboFix didn't tell me to do it; it just ran the scan and gave the report/log.


#12 gringo_pr


Posted 26 August 2012 - 06:04 AM

Greetings


Yes, it is in my instructions that if you get that error you should restart the computer.



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 9.5.2 - Suomi
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click on Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 Zinny-chan


Posted 26 August 2012 - 07:40 AM

Log from MBAM:

Malwarebytes Anti-Malware (Kokeiluversio) 1.62.0.1300
www.malwarebytes.org

Tietokantaversio: v2012.08.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Jenni :: JENNI-PC [järjestelmänvalvoja]

Suojaus: Poistettu käytöstä

26.8.2012 16:30:23
mbam-log-2012-08-26 (16-30-23).txt

Tarkistustyyppi: Pikatarkistus
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 193445
Kulunut aika: 2 minuutti(a), 17 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0
(Ei haitallisia kohteita)

(loppu)

Log/report from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:11, on 26.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Jenni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jenni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Näytä tai piilota HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP CUE DeviceDiscovery -palvelu (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 21029 bytes

After doing the things you told me to do, it seems like the computer is working normally now.

Edited by Zinny-chan, 26 August 2012 - 08:59 AM.


#14 gringo_pr


Posted 26 August 2012 - 03:32 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to run it when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close the program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University
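
The O4 (autostart) and O23 (service) lines quoted in the posts above follow a fixed layout, so a pasted log can be parsed for offline review. The following Python parser is an added example, not part of the original posts and not HijackThis code; the sample lines are copied from this thread, and the function names and the "binary outside C:\Windows" review heuristic are assumptions of this example.

```python
import re

# Lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
'''

# Patterns for the three line layouts seen in the log (registry Run key, Startup folder, service).
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
O4_STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
O23_SVC = re.compile(r'^O23 - Service: (.+?)(?: \(([^()]+)\))? - (.+) - ([A-Za-z]:\\.+)$')

def image_path(cmd):
    """Executable path from a command line, whether or not it is quoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|dll|com|bat|cmd))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd

def parse(log):
    """Split a HijackThis log into autostart (O4) and service (O23) records."""
    autostarts, services = [], []
    for line in map(str.strip, log.splitlines()):
        if m := O4_RUN.match(line):
            hive, key, name, cmd = m.groups()
            autostarts.append({'where': f'{hive}\\{key}', 'name': name, 'image': image_path(cmd)})
        elif m := O4_STARTUP.match(line):
            scope, name, cmd = m.groups()
            autostarts.append({'where': scope, 'name': name, 'image': image_path(cmd)})
        elif m := O23_SVC.match(line):
            display, short, owner, path = m.groups()
            services.append({'name': short or display, 'owner': owner, 'image': path})
    return autostarts, services

def outside_windows(services):
    """Names of services whose binary is not under C:\\Windows, listed for manual review."""
    return [s['name'] for s in services if not s['image'].lower().startswith('c:\\windows\\')]

if __name__ == '__main__':
    autostarts, services = parse(SAMPLE_LOG)
    print(autostarts, outside_windows(services), sep='\n')
```

The owner column is kept but not used for filtering, because in this log it reads "Unknown owner" even for Windows' own services; the result is a review list, not a verdict on any entry.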

#15 Zinny-chan


Posted 28 August 2012 - 10:48 AM

Hi again.

Here is the Eset-report:

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FC trojan



