Files freezing if opened a long time and hard to shutdown?


  • This topic is locked
46 replies to this topic

#1 adamsapple

adamsapple

  • Members
  • 73 posts

Posted 19 September 2012 - 07:43 AM

Hi Gringo,

I have been having problems with the files freezing or slow to close when opened for extended periods of time. Have recently upgraded my RAM from 1gb to 5gb if that has any impact. The Germ software was causing problems with my computer so we have omitted that file. I am copy pasting both the DDS and the DDS Attach file as there is no attachment section on this post.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by George Malz at 8:10:51 on 2012-09-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2558.1116 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
uRun: [cdloader] "c:\users\george malz\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\george malz\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [<NO NAME>]
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/TrueInstall.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{333FDF29-BDF6-4E3D-883C-298B87260CEB} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14597
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=BB4E3CAC-7AC8-4E33-A71B-36C2493120C1&apn_ptnrs=&apn_sauid=660BEE69-56DA-42A5-A9D3-AC28CBC22A5F&apn_dtid=&&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60323
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\george malz\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\george malz\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 399432]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-12 676936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-21 22856]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2011-4-7 24880]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-3 1343400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-31 25704]
S4 avgarcln;SMNDIS5;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S4 avgtdi;Nmraapache;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S4 mks_scan;S24eventmonitor;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S4 mksupdateint;Genmcmn;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S4 symantecantibotdriver;Epgspooler;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2012-09-18 07:48:55 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5f73ccc0-f7a8-478f-b146-d4769f991d20}\offreg.dll
2012-09-18 07:48:12 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5f73ccc0-f7a8-478f-b146-d4769f991d20}\mpengine.dll
2012-09-13 19:55:30 -------- d-----w- c:\program files\Microsoft
2012-09-12 06:26:03 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 06:26:03 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 06:26:02 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 06:26:02 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:26:02 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:26:01 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-20 12:22:20 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-08-20 12:20:58 -------- d-----w- c:\program files\common files\XCPCSync.OEM
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 8:11:07.72 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/10/2010 4:31:13 PM
System Uptime: 17/09/2012 8:45:46 PM (12 hours ago)
.
Motherboard: EVGA | | nForce 750i SLI
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 86.563 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP300: 28/08/2012 3:04:24 AM - Windows Update
RP301: 04/09/2012 3:05:29 AM - Windows Update
RP302: 07/09/2012 4:24:19 AM - Windows Update
RP303: 11/09/2012 4:42:06 AM - Windows Update
RP304: 12/09/2012 3:00:14 AM - Windows Update
RP305: 18/09/2012 3:47:37 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3ivX MPEG-4 5.0.1 Video CODEC
7-Zip 4.65
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.4)
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bing Bar
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Brother MFL-Pro Suite MFC-465CN
CamStudio OSS Desktop Recorder
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
DivX Author 1.5
DivX Version Checker
EASEUS Data Recovery Wizard Professional 5.5.1
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Image Resizer Powertoy Clone for Windows
iTunes
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
K-Lite Codec Pack 6.1.0 (Basic)
LG Burning Tools
LG CyberLink PowerDVD 7.0
LG Power Tools
magicJack
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
PDF Settings
PixiePack Codec Pack
Quick Media Converter
QuickTime
RapidShare Manager 2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RemoteComms External Disk Access
Revo Uninstaller 1.93
RTEQ v4.10
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
SolveigMM AVI Trimmer
SweetIM for Messenger 3.6
SweetPacks Toolbar for Internet Explorer 4.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager for SweetPacks 1.0
VCRedistSetup
VLC media player 1.1.7
WinPatrol
WiseConvert Toolbar
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
18/09/2012 8:10:18 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
18/09/2012 7:23:33 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
17/09/2012 8:46:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
17/09/2012 8:46:06 PM, Error: Service Control Manager [7023] - The Vcsw service terminated with the following error: The specified module could not be found.
17/09/2012 8:46:06 PM, Error: Service Control Manager [7023] - The Pdlnemap service terminated with the following error: The specified module could not be found.
17/09/2012 6:44:10 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 September 2012 - 12:40 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts

Posted 19 September 2012 - 04:04 PM

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 16:48:15
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : George Malz - GEORGEMALZ-PC
# Boot Mode : Normal
# Running from : C:\Users\George Malz\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\searchplugins\Askcom.xml
File Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\searchplugins\Conduit.xml
File Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\WiseConvert
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\George Malz\AppData\Local\APN
Folder Deleted : C:\Users\George Malz\AppData\Local\Conduit
Folder Deleted : C:\Users\George Malz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\George Malz\AppData\Local\SanctionedMedia
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\George Malz\AppData\LocalLow\WiseConvert
Folder Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\Conduit
Folder Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\ConduitCommon
Folder Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\CT2801948
Folder Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\SweetPacksToolbarData
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2 --> hxxp://www.google.com

-\\ Mozilla Firefox v5.0 (en-US)

Profile name : default
File : C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\prefs.js

C:\Users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\user.js ... Deleted !


Profile name : default
File : C:\Users\AlexanderNatalia\AppData\Roaming\Mozilla\Firefox\Profiles\mwpdeb5x.default\prefs.js

C:\Users\AlexanderNatalia\AppData\Roaming\Mozilla\Firefox\Profiles\mwpdeb5x.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\George Malz\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://www.ask.com/?l=dis&o=14597cr",
Deleted [l.20] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/?ui=2&shva=1#inbox", "hxxp://ca.yahoo.com/", "hxxp://sealedhomesurfaces.com/", "hxxp://hotmail.com/", "hxxps://secure.my1voice.com/default.aspx" ]
Deleted [l.52] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.55] : keyword = "ask.com",
Deleted [l.58] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=cb757bcb-1544-40e5-acf1-aa2430086f72&apn_ptnrs=FV&apn_sauid=367DB712-73C5-4BCA-86BD-A286736EE653&apn_dtid=YYYYYYYYCA&q={searchTerms}",
Deleted [l.59] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Deleted [l.1345] : homepage = "hxxp://www.ask.com/?l=dis&o=14597cr",
Deleted [l.1872] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/?ui=2&shva=1#inbox", "hxxp://ca.yahoo.com/", "hxxp://sealedhomesurfaces.com/", "hxxp://hotmail.com/", "hxxps://secure.my1voice.com/default.aspx" ]

*************************

AdwCleaner[S2].txt - [36545 octets] - [19/09/2012 16:48:15]

########## EOF - C:\AdwCleaner[S2].txt - [36606 octets] ##########


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox 5.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
George Malz AppData Roaming mjusbsp\in00000\mjsetup.exe
George Malz AppData Roaming mjusbsp\magicJack.exe
George Malz Desktop SecurityCheck.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : George Malz [Admin rights]
Mode : Remove -- Date : 09/19/2012 16:58:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\George Malz\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
[PROXY FF] kc2cgw2x.default\ 127.0.0.1:60323 -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350032 0AS SCSI Disk Device +++++
--- User ---
[MBR] d8fb555e4246c7ec187458c298d818c1
[BSP] 1184ffe47f050c1fb148cf45d5d7b84b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#4 adamsapple

adamsapple
  • Topic Starter

  • Members

Posted 20 September 2012 - 09:23 PM

Sorry to bother you, just wondering if I can continue using my computer normally and reverse the defogger or is there still repairs to do?

#5 adamsapple

adamsapple
  • Topic Starter

  • Members

Posted 21 September 2012 - 12:29 PM

Hi Gringo,

Just wanted to tell you that I was on the internet when suddenly my computer went to a blue screen and rebooted on its own. Sorry to keep adding to the post but usually I hear from you within the day ... hope all is well.

Thanks again, George

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 22 September 2012 - 09:25 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 adamsapple

adamsapple
  • Topic Starter

  • Members

Posted 23 September 2012 - 09:33 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 10:19:36
-----------------------------
10:19:36.406 OS Version: Windows 6.1.7601 Service Pack 1
10:19:36.406 Number of processors: 4 586 0xF0B
10:19:36.406 ComputerName: GEORGEMALZ-PC UserName: George Malz
10:19:38.684 Initialize success
10:21:41.377 AVAST engine defs: 12092300
10:24:45.956 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
10:24:45.956 Disk 0 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
10:24:45.972 Disk 0 MBR read successfully
10:24:45.972 Disk 0 MBR scan
10:24:45.972 Disk 0 Windows 7 default MBR code
10:24:45.988 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:24:45.988 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:24:46.003 Disk 0 scanning sectors +976771072
10:24:46.081 Disk 0 scanning C:\Windows\system32\drivers
10:24:55.363 Service scanning
10:25:12.476 Modules scanning
10:25:16.922 Disk 0 trace - called modules:
10:25:16.938 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
10:25:17.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864bd3a8]
10:25:17.437 3 CLASSPNP.SYS[8a86d59e] -> nt!IofCallDriver -> [0x85462f08]
10:25:17.437 5 ACPI.sys[8a0c03d4] -> nt!IofCallDriver -> \Device\0000005f[0x85462920]
10:25:18.467 AVAST engine scan C:\Windows
10:25:20.432 AVAST engine scan C:\Windows\system32
10:27:51.440 AVAST engine scan C:\Windows\system32\drivers
10:28:04.529 AVAST engine scan C:\Users\George Malz
10:30:50.919 Disk 0 MBR has been saved successfully to "C:\Users\George Malz\Desktop\MBR.dat"
10:30:50.935 The log file has been saved successfully to "C:\Users\George Malz\Desktop\aswMBR.txt"


09:36:51.0073 0476 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:36:51.0353 0476 ============================================================
09:36:51.0353 0476 Current date / time: 2012/09/23 09:36:51.0353
09:36:51.0353 0476 SystemInfo:
09:36:51.0353 0476
09:36:51.0353 0476 OS Version: 6.1.7601 ServicePack: 1.0
09:36:51.0353 0476 Product type: Workstation
09:36:51.0353 0476 ComputerName: GEORGEMALZ-PC
09:36:51.0353 0476 UserName: George Malz
09:36:51.0353 0476 Windows directory: C:\Windows
09:36:51.0353 0476 System windows directory: C:\Windows
09:36:51.0353 0476 Processor architecture: Intel x86
09:36:51.0353 0476 Number of processors: 4
09:36:51.0353 0476 Page size: 0x1000
09:36:51.0353 0476 Boot type: Normal boot
09:36:51.0353 0476 ============================================================
09:36:52.0274 0476 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:36:52.0305 0476 Drive \Device\Harddisk1\DR1 - Size: 0xE8A5B0000 (58.16 Gb), SectorSize: 0x200, Cylinders: 0x1DA8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:36:52.0305 0476 ============================================================
09:36:52.0305 0476 \Device\Harddisk0\DR0:
09:36:52.0305 0476 MBR partitions:
09:36:52.0305 0476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:36:52.0305 0476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
09:36:52.0305 0476 \Device\Harddisk1\DR1:
09:36:52.0305 0476 MBR partitions:
09:36:52.0305 0476 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x7450E00
09:36:52.0305 0476 ============================================================
09:36:52.0336 0476 C: <-> \Device\Harddisk0\DR0\Partition2
09:36:52.0336 0476 ============================================================
09:36:52.0336 0476 Initialize success
09:36:52.0336 0476 ============================================================
09:36:55.0706 7828 ============================================================
09:36:55.0706 7828 Scan started
09:36:55.0706 7828 Mode: Manual;
09:36:55.0706 7828 ============================================================
09:36:56.0782 7828 ================ Scan system memory ========================
09:36:56.0782 7828 System memory - ok
09:36:56.0782 7828 ================ Scan services =============================
09:36:56.0907 7828 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:36:56.0907 7828 1394ohci - ok
09:36:56.0923 7828 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:36:56.0923 7828 ACPI - ok
09:36:56.0954 7828 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:36:56.0954 7828 AcpiPmi - ok
09:36:56.0969 7828 acrsch2svc - ok
09:36:57.0110 7828 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
09:36:57.0110 7828 Adobe Version Cue CS3 - ok
09:36:57.0172 7828 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:36:57.0172 7828 AdobeARMservice - ok
09:36:57.0188 7828 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:36:57.0188 7828 adp94xx - ok
09:36:57.0203 7828 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:36:57.0203 7828 adpahci - ok
09:36:57.0219 7828 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:36:57.0219 7828 adpu320 - ok
09:36:57.0250 7828 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:36:57.0250 7828 AeLookupSvc - ok
09:36:57.0297 7828 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
09:36:57.0297 7828 AFD - ok
09:36:57.0313 7828 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:36:57.0313 7828 agp440 - ok
09:36:57.0328 7828 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:36:57.0328 7828 aic78xx - ok
09:36:57.0344 7828 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
09:36:57.0344 7828 ALG - ok
09:36:57.0359 7828 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
09:36:57.0359 7828 aliide - ok
09:36:57.0359 7828 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:36:57.0359 7828 amdagp - ok
09:36:57.0375 7828 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
09:36:57.0375 7828 amdide - ok
09:36:57.0391 7828 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:36:57.0391 7828 AmdK8 - ok
09:36:57.0422 7828 AMDPCI - ok
09:36:57.0437 7828 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:36:57.0437 7828 AmdPPM - ok
09:36:57.0453 7828 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:36:57.0453 7828 amdsata - ok
09:36:57.0469 7828 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:36:57.0469 7828 amdsbs - ok
09:36:57.0484 7828 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:36:57.0484 7828 amdxata - ok
09:36:57.0500 7828 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
09:36:57.0500 7828 AppID - ok
09:36:57.0531 7828 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:36:57.0531 7828 AppIDSvc - ok
09:36:57.0562 7828 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
09:36:57.0562 7828 Appinfo - ok
09:36:57.0625 7828 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:36:57.0625 7828 Apple Mobile Device - ok
09:36:57.0656 7828 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
09:36:57.0656 7828 AppMgmt - ok
09:36:57.0687 7828 AppnApi - ok
09:36:57.0687 7828 appnnode - ok
09:36:57.0687 7828 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:36:57.0703 7828 arc - ok
09:36:57.0703 7828 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:36:57.0703 7828 arcsas - ok
09:36:57.0734 7828 ARPolicy - ok
09:36:57.0734 7828 ARSVC - ok
09:36:57.0765 7828 As6frin - ok
09:36:57.0781 7828 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:36:57.0781 7828 AsyncMac - ok
09:36:57.0781 7828 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
09:36:57.0781 7828 atapi - ok
09:36:57.0781 7828 ati2mpaa - ok
09:36:57.0812 7828 atirage3 - ok
09:36:57.0843 7828 ATIVXSTW - ok
09:36:57.0874 7828 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:36:57.0874 7828 AudioEndpointBuilder - ok
09:36:57.0905 7828 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:36:57.0905 7828 Audiosrv - ok
09:36:57.0921 7828 avgarcln - ok
09:36:57.0921 7828 avgtdi - ok
09:36:57.0937 7828 avsvcmonitor - ok
09:36:57.0968 7828 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:36:57.0983 7828 AxInstSV - ok
09:36:57.0983 7828 axsnmsvc - ok
09:36:57.0999 7828 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:36:58.0015 7828 b06bdrv - ok
09:36:58.0030 7828 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:36:58.0030 7828 b57nd60x - ok
09:36:58.0124 7828 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
09:36:58.0124 7828 BBSvc - ok
09:36:58.0155 7828 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
09:36:58.0155 7828 BBUpdate - ok
09:36:58.0171 7828 BCMModem - ok
09:36:58.0171 7828 BcmSqlStartupSvc - ok
09:36:58.0202 7828 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:36:58.0202 7828 BDESVC - ok
09:36:58.0202 7828 bdselfpr - ok
09:36:58.0233 7828 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:36:58.0233 7828 Beep - ok
09:36:58.0295 7828 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
09:36:58.0295 7828 BFE - ok
09:36:58.0295 7828 bh611 - ok
09:36:58.0327 7828 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
09:36:58.0327 7828 BITS - ok
09:36:58.0342 7828 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:36:58.0342 7828 blbdrive - ok
09:36:58.0405 7828 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:36:58.0405 7828 Bonjour Service - ok
09:36:58.0436 7828 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:36:58.0436 7828 bowser - ok
09:36:58.0436 7828 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:36:58.0436 7828 BrFiltLo - ok
09:36:58.0467 7828 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:36:58.0467 7828 BrFiltUp - ok
09:36:58.0514 7828 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:36:58.0514 7828 BridgeMP - ok
09:36:58.0561 7828 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
09:36:58.0561 7828 Browser - ok
09:36:58.0607 7828 [ 08C7E41FF10F56E83B4F10B5E8B1E8B6 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
09:36:58.0607 7828 BrSerIb - ok
09:36:58.0623 7828 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:36:58.0639 7828 Brserid - ok
09:36:58.0639 7828 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:36:58.0639 7828 BrSerWdm - ok
09:36:58.0670 7828 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:36:58.0670 7828 BrUsbMdm - ok
09:36:58.0670 7828 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:36:58.0670 7828 BrUsbSer - ok
09:36:58.0685 7828 [ 2132A117160F2A96A13C044AE9BCED91 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
09:36:58.0685 7828 BrUsbSIb - ok
09:36:58.0685 7828 bthidmgr - ok
09:36:58.0701 7828 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:36:58.0701 7828 BTHMODEM - ok
09:36:58.0717 7828 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:36:58.0717 7828 bthserv - ok
09:36:58.0732 7828 bwsvc - ok
09:36:58.0732 7828 CADlink - ok
09:36:58.0748 7828 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:36:58.0748 7828 cdfs - ok
09:36:58.0779 7828 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:36:58.0779 7828 cdrom - ok
09:36:58.0810 7828 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:36:58.0826 7828 CertPropSvc - ok
09:36:58.0826 7828 changer - ok
09:36:58.0841 7828 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:36:58.0841 7828 circlass - ok
09:36:58.0857 7828 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:36:58.0857 7828 CLFS - ok
09:36:58.0904 7828 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:36:58.0904 7828 clr_optimization_v2.0.50727_32 - ok
09:36:58.0951 7828 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:36:58.0951 7828 clr_optimization_v4.0.30319_32 - ok
09:36:58.0966 7828 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:36:58.0966 7828 CmBatt - ok
09:36:58.0982 7828 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:36:58.0982 7828 cmdide - ok
09:36:59.0029 7828 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
09:36:59.0029 7828 CNG - ok
09:36:59.0044 7828 CoachAud - ok
09:36:59.0060 7828 CoachUsb - ok
09:36:59.0075 7828 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:36:59.0075 7828 Compbatt - ok
09:36:59.0122 7828 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:36:59.0122 7828 CompositeBus - ok
09:36:59.0122 7828 COMSysApp - ok
09:36:59.0138 7828 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:36:59.0138 7828 crcdisk - ok
09:36:59.0169 7828 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:36:59.0169 7828 CryptSvc - ok
09:36:59.0216 7828 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
09:36:59.0216 7828 CSC - ok
09:36:59.0231 7828 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
09:36:59.0231 7828 CscService - ok
09:36:59.0231 7828 CVPNDRVA - ok
09:36:59.0263 7828 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:36:59.0263 7828 DcomLaunch - ok
09:36:59.0294 7828 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:36:59.0294 7828 defragsvc - ok
09:36:59.0309 7828 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:36:59.0309 7828 DfsC - ok
09:36:59.0341 7828 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:36:59.0341 7828 Dhcp - ok
09:36:59.0356 7828 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:36:59.0356 7828 discache - ok
09:36:59.0372 7828 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:36:59.0372 7828 Disk - ok
09:36:59.0387 7828 dlcc_device - ok
09:36:59.0387 7828 DM9102 - ok
09:36:59.0419 7828 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:36:59.0419 7828 Dnscache - ok
09:36:59.0450 7828 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:36:59.0465 7828 dot3svc - ok
09:36:59.0465 7828 downloadmanagerlite - ok
09:36:59.0497 7828 dphost - ok
09:36:59.0528 7828 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:36:59.0528 7828 DPS - ok
09:36:59.0543 7828 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:36:59.0559 7828 drmkaud - ok
09:36:59.0606 7828 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:36:59.0606 7828 DXGKrnl - ok
09:36:59.0621 7828 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:36:59.0621 7828 EapHost - ok
09:36:59.0684 7828 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:36:59.0699 7828 ebdrv - ok
09:36:59.0715 7828 eelsservice - ok
09:36:59.0746 7828 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:36:59.0746 7828 EFS - ok
09:36:59.0793 7828 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:36:59.0793 7828 ehRecvr - ok
09:36:59.0809 7828 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:36:59.0809 7828 ehSched - ok
09:36:59.0824 7828 EL2000 - ok
09:36:59.0824 7828 eloggersvc6 - ok
09:36:59.0855 7828 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:36:59.0855 7828 elxstor - ok
09:36:59.0855 7828 epoxusdm - ok
09:36:59.0871 7828 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:36:59.0887 7828 ErrDev - ok
09:36:59.0887 7828 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:36:59.0887 7828 EventSystem - ok
09:36:59.0918 7828 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:36:59.0918 7828 exfat - ok
09:36:59.0933 7828 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:36:59.0933 7828 fastfat - ok
09:36:59.0980 7828 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
09:36:59.0980 7828 Fax - ok
09:36:59.0996 7828 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:36:59.0996 7828 fdc - ok
09:37:00.0011 7828 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:37:00.0011 7828 fdPHost - ok
09:37:00.0027 7828 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:37:00.0027 7828 FDResPub - ok
09:37:00.0027 7828 FileDisk - ok
09:37:00.0043 7828 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:37:00.0043 7828 FileInfo - ok
09:37:00.0058 7828 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:37:00.0058 7828 Filetrace - ok
09:37:00.0058 7828 FINEPIX_PCC - ok
09:37:00.0105 7828 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:37:00.0105 7828 FLEXnet Licensing Service - ok
09:37:00.0121 7828 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:37:00.0121 7828 flpydisk - ok
09:37:00.0136 7828 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:37:00.0136 7828 FltMgr - ok
09:37:00.0183 7828 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:37:00.0199 7828 FontCache - ok
09:37:00.0230 7828 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:37:00.0230 7828 FontCache3.0.0.0 - ok
09:37:00.0245 7828 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:37:00.0245 7828 FsDepends - ok
09:37:00.0277 7828 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:37:00.0277 7828 Fs_Rec - ok
09:37:00.0292 7828 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:37:00.0292 7828 fvevol - ok
09:37:00.0308 7828 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:37:00.0308 7828 gagp30kx - ok
09:37:00.0386 7828 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:37:00.0386 7828 GEARAspiWDM - ok
09:37:00.0417 7828 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:37:00.0433 7828 gpsvc - ok
09:37:00.0479 7828 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:37:00.0479 7828 gupdate - ok
09:37:00.0479 7828 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:37:00.0479 7828 gupdatem - ok
09:37:00.0526 7828 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:37:00.0526 7828 gusvc - ok
09:37:00.0526 7828 GVCplDrv - ok
09:37:00.0526 7828 ha10kx2k - ok
09:37:00.0542 7828 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:37:00.0542 7828 hcw85cir - ok
09:37:00.0589 7828 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:37:00.0589 7828 HdAudAddService - ok
09:37:00.0620 7828 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:37:00.0620 7828 HDAudBus - ok
09:37:00.0651 7828 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:37:00.0651 7828 HidBatt - ok
09:37:00.0667 7828 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:37:00.0667 7828 HidBth - ok
09:37:00.0667 7828 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:37:00.0667 7828 HidIr - ok
09:37:00.0682 7828 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
09:37:00.0682 7828 hidserv - ok
09:37:00.0713 7828 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:37:00.0713 7828 HidUsb - ok
09:37:00.0745 7828 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:37:00.0745 7828 hkmsvc - ok
09:37:00.0745 7828 hnmsvc - ok
09:37:00.0776 7828 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:37:00.0776 7828 HomeGroupListener - ok
09:37:00.0823 7828 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:37:00.0823 7828 HomeGroupProvider - ok
09:37:00.0854 7828 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:37:00.0854 7828 HpSAMD - ok
09:37:00.0869 7828 HPSLPSVC - ok
09:37:00.0869 7828 hpzius12 - ok
09:37:00.0916 7828 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:37:00.0916 7828 HTTP - ok
09:37:00.0932 7828 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:37:00.0932 7828 hwpolicy - ok
09:37:00.0947 7828 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:37:00.0947 7828 i8042prt - ok
09:37:00.0963 7828 iaimfp2 - ok
09:37:00.0994 7828 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:37:00.0994 7828 iaStorV - ok
09:37:01.0025 7828 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:37:01.0041 7828 idsvc - ok
09:37:01.0041 7828 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:37:01.0041 7828 iirsp - ok
09:37:01.0072 7828 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:37:01.0072 7828 IKEEXT - ok
09:37:01.0088 7828 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:37:01.0088 7828 intelide - ok
09:37:01.0103 7828 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:37:01.0103 7828 intelppm - ok
09:37:01.0119 7828 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:37:01.0119 7828 IPBusEnum - ok
09:37:01.0119 7828 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:37:01.0119 7828 IpFilterDriver - ok
09:37:01.0150 7828 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:37:01.0150 7828 iphlpsvc - ok
09:37:01.0166 7828 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:37:01.0166 7828 IPMIDRV - ok
09:37:01.0181 7828 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:37:01.0181 7828 IPNAT - ok
09:37:01.0228 7828 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:37:01.0244 7828 iPod Service - ok
09:37:01.0244 7828 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:37:01.0244 7828 IRENUM - ok
09:37:01.0259 7828 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:37:01.0259 7828 isapnp - ok
09:37:01.0275 7828 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:37:01.0275 7828 iScsiPrt - ok
09:37:01.0275 7828 ispwdsvc - ok
09:37:01.0291 7828 jobserver_report - ok
09:37:01.0306 7828 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:37:01.0306 7828 kbdclass - ok
09:37:01.0322 7828 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:37:01.0322 7828 kbdhid - ok
09:37:01.0322 7828 kbfiltr - ok
09:37:01.0337 7828 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:37:01.0337 7828 KeyIso - ok
09:37:01.0337 7828 KMWDFilter - ok
09:37:01.0337 7828 KR3NPXP - ok
09:37:01.0353 7828 kraidsvc - ok
09:37:01.0384 7828 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:37:01.0384 7828 KSecDD - ok
09:37:01.0400 7828 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:37:01.0415 7828 KSecPkg - ok
09:37:01.0415 7828 kservice - ok
09:37:01.0431 7828 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:37:01.0431 7828 KtmRm - ok
09:37:01.0462 7828 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:37:01.0462 7828 LanmanServer - ok
09:37:01.0462 7828 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:37:01.0478 7828 LanmanWorkstation - ok
09:37:01.0493 7828 LC7981 - ok
09:37:01.0509 7828 LEX_AS_NIC_SERVICE_YNOS - ok
09:37:01.0509 7828 lhidflt2 - ok
09:37:01.0509 7828 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:37:01.0509 7828 lltdio - ok
09:37:01.0525 7828 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:37:01.0540 7828 lltdsvc - ok
09:37:01.0556 7828 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:37:01.0556 7828 lmhosts - ok
09:37:01.0556 7828 LMouFilt - ok
09:37:01.0587 7828 LoopBeMidi1 - ok
09:37:01.0603 7828 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:37:01.0603 7828 LSI_FC - ok
09:37:01.0618 7828 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:37:01.0618 7828 LSI_SAS - ok
09:37:01.0634 7828 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:37:01.0634 7828 LSI_SAS2 - ok
09:37:01.0649 7828 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:37:01.0649 7828 LSI_SCSI - ok
09:37:01.0649 7828 ltxred - ok
09:37:01.0665 7828 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:37:01.0665 7828 luafv - ok
09:37:01.0681 7828 lxbs_device - ok
09:37:01.0681 7828 mapserver6.3 - ok
09:37:01.0727 7828 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:37:01.0727 7828 MBAMProtector - ok
09:37:01.0774 7828 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:37:01.0790 7828 MBAMScheduler - ok
09:37:01.0805 7828 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:37:01.0805 7828 MBAMService - ok
09:37:01.0821 7828 mcvsrte - ok
09:37:01.0852 7828 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:37:01.0852 7828 Mcx2Svc - ok
09:37:01.0852 7828 mdmxsdk - ok
09:37:01.0868 7828 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:37:01.0868 7828 megasas - ok
09:37:01.0883 7828 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:37:01.0883 7828 MegaSR - ok
09:37:01.0899 7828 mgabgexe - ok
09:37:01.0946 7828 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:37:01.0946 7828 Microsoft Office Groove Audit Service - ok
09:37:01.0961 7828 mindrepair - ok
09:37:01.0977 7828 mksupdateint - ok
09:37:01.0977 7828 mks_scan - ok
09:37:01.0977 7828 mldserv - ok
09:37:01.0993 7828 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:37:02.0008 7828 MMCSS - ok
09:37:02.0008 7828 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:37:02.0008 7828 Modem - ok
09:37:02.0039 7828 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:37:02.0039 7828 monitor - ok
09:37:02.0071 7828 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:37:02.0071 7828 mouclass - ok
09:37:02.0086 7828 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:37:02.0086 7828 mouhid - ok
09:37:02.0117 7828 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:37:02.0117 7828 mountmgr - ok
09:37:02.0133 7828 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:37:02.0133 7828 mpio - ok
09:37:02.0149 7828 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:37:02.0149 7828 mpsdrv - ok
09:37:02.0211 7828 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:37:02.0211 7828 MpsSvc - ok
09:37:02.0227 7828 mraid35x - ok
09:37:02.0258 7828 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:37:02.0258 7828 MRxDAV - ok
09:37:02.0289 7828 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:37:02.0289 7828 mrxsmb - ok
09:37:02.0320 7828 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:37:02.0336 7828 mrxsmb10 - ok
09:37:02.0336 7828 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:37:02.0336 7828 mrxsmb20 - ok
09:37:02.0351 7828 MS1000 - ok
09:37:02.0351 7828 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:37:02.0351 7828 msahci - ok
09:37:02.0383 7828 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:37:02.0383 7828 msdsm - ok
09:37:02.0398 7828 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:37:02.0398 7828 MSDTC - ok
09:37:02.0429 7828 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:37:02.0429 7828 Msfs - ok
09:37:02.0429 7828 msftpsvc - ok
09:37:02.0445 7828 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:37:02.0445 7828 mshidkmdf - ok
09:37:02.0461 7828 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:37:02.0461 7828 msisadrv - ok
09:37:02.0492 7828 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:37:02.0492 7828 MSiSCSI - ok
09:37:02.0492 7828 msiserver - ok
09:37:02.0507 7828 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:37:02.0507 7828 MSKSSRV - ok
09:37:02.0523 7828 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:37:02.0523 7828 MSPCLOCK - ok
09:37:02.0539 7828 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:37:02.0539 7828 MSPQM - ok
09:37:02.0554 7828 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:37:02.0554 7828 MsRPC - ok
09:37:02.0570 7828 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:37:02.0570 7828 mssmbios - ok
09:37:02.0570 7828 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:37:02.0570 7828 MSTEE - ok
09:37:02.0585 7828 MTC0001_ESB - ok
09:37:02.0601 7828 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:37:02.0601 7828 MTConfig - ok
09:37:02.0617 7828 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:37:02.0617 7828 Mup - ok
09:37:02.0617 7828 mwssched - ok
09:37:02.0632 7828 mwstick - ok
09:37:02.0648 7828 mxserver - ok
09:37:02.0695 7828 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:37:02.0695 7828 napagent - ok
09:37:02.0726 7828 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:37:02.0726 7828 NativeWifiP - ok
09:37:02.0773 7828 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:37:02.0773 7828 NDIS - ok
09:37:02.0788 7828 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:37:02.0788 7828 NdisCap - ok
09:37:02.0804 7828 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:37:02.0804 7828 NdisTapi - ok
09:37:02.0835 7828 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:37:02.0835 7828 Ndisuio - ok
09:37:02.0866 7828 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:37:02.0866 7828 NdisWan - ok
09:37:02.0882 7828 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:37:02.0882 7828 NDProxy - ok
09:37:02.0882 7828 neokdss - ok
09:37:02.0897 7828 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:37:02.0897 7828 NetBIOS - ok
09:37:02.0929 7828 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:37:02.0929 7828 NetBT - ok
09:37:02.0944 7828 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:37:02.0944 7828 Netlogon - ok
09:37:02.0975 7828 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:37:02.0975 7828 Netman - ok
09:37:02.0991 7828 NetMsmqActivator - ok
09:37:03.0007 7828 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:37:03.0007 7828 netprofm - ok
09:37:03.0022 7828 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:37:03.0022 7828 NetTcpPortSharing - ok
09:37:03.0038 7828 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:37:03.0038 7828 nfrd960 - ok
09:37:03.0053 7828 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:37:03.0053 7828 NlaSvc - ok
09:37:03.0100 7828 [ 0E58F99692802C501454EAC3D2AC3394 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
09:37:03.0100 7828 nosGetPlusHelper - ok
09:37:03.0100 7828 npapimon - ok
09:37:03.0116 7828 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:37:03.0131 7828 Npfs - ok
09:37:03.0147 7828 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:37:03.0147 7828 nsi - ok
09:37:03.0163 7828 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:37:03.0163 7828 nsiproxy - ok
09:37:03.0194 7828 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:37:03.0225 7828 Ntfs - ok
09:37:03.0241 7828 ntsyslog - ok
09:37:03.0256 7828 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:37:03.0256 7828 Null - ok
09:37:03.0287 7828 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
09:37:03.0287 7828 NVENETFD - ok
09:37:03.0459 7828 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:37:03.0521 7828 nvlddmkm - ok
09:37:03.0537 7828 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:37:03.0537 7828 nvraid - ok
09:37:03.0568 7828 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:37:03.0568 7828 nvstor - ok
09:37:03.0584 7828 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:37:03.0584 7828 nv_agp - ok
09:37:03.0599 7828 nwlnkfwd - ok
09:37:03.0646 7828 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:37:03.0646 7828 odserv - ok
09:37:03.0677 7828 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:37:03.0677 7828 ohci1394 - ok
09:37:03.0693 7828 om518p - ok
09:37:03.0709 7828 oraclemtsrecoveryservice - ok
09:37:03.0724 7828 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:37:03.0724 7828 ose - ok
09:37:03.0771 7828 [ 257190D58444732B68919C573368B64D ] OXSDIDRV_x32 C:\Windows\system32\DRIVERS\OXSDIDRV_x32.sys
09:37:03.0771 7828 OXSDIDRV_x32 - ok
09:37:03.0818 7828 [ 8F534A8630F6BABA92E14531F96906CD ] OXUDIDRV C:\Windows\system32\Drivers\OXUDIDRV_X32.sys
09:37:03.0818 7828 OXUDIDRV - ok
09:37:03.0833 7828 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:37:03.0833 7828 p2pimsvc - ok
09:37:03.0849 7828 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:37:03.0849 7828 p2psvc - ok
09:37:03.0865 7828 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:37:03.0865 7828 Parport - ok
09:37:03.0896 7828 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:37:03.0911 7828 partmgr - ok
09:37:03.0911 7828 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:37:03.0911 7828 Parvdm - ok
09:37:03.0927 7828 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:37:03.0943 7828 PcaSvc - ok
09:37:03.0943 7828 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:37:03.0958 7828 pci - ok
09:37:03.0958 7828 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:37:03.0958 7828 pciide - ok
09:37:03.0974 7828 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:37:03.0974 7828 pcmcia - ok
09:37:03.0989 7828 pcouffin - ok
09:37:03.0989 7828 pcradminserver - ok
09:37:04.0005 7828 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:37:04.0005 7828 pcw - ok
09:37:04.0036 7828 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:37:04.0036 7828 PEAUTH - ok
09:37:04.0067 7828 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:37:04.0083 7828 PeerDistSvc - ok
09:37:04.0099 7828 pinger - ok
09:37:04.0161 7828 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:37:04.0161 7828 pla - ok
09:37:04.0208 7828 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:37:04.0208 7828 PlugPlay - ok
09:37:04.0223 7828 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:37:04.0223 7828 PNRPAutoReg - ok
09:37:04.0239 7828 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:37:04.0239 7828 PNRPsvc - ok
09:37:04.0255 7828 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:37:04.0270 7828 PolicyAgent - ok
09:37:04.0286 7828 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:37:04.0286 7828 Power - ok
09:37:04.0301 7828 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:37:04.0301 7828 PptpMiniport - ok
09:37:04.0317 7828 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:37:04.0317 7828 Processor - ok
09:37:04.0348 7828 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:37:04.0348 7828 ProfSvc - ok
09:37:04.0364 7828 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:37:04.0364 7828 ProtectedStorage - ok
09:37:04.0379 7828 proxyhostmirrordisplay - ok
09:37:04.0411 7828 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:37:04.0411 7828 Psched - ok
09:37:04.0426 7828 qhwscsvc - ok
09:37:04.0457 7828 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:37:04.0473 7828 ql2300 - ok
09:37:04.0489 7828 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:37:04.0489 7828 ql40xx - ok
09:37:04.0504 7828 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:37:04.0520 7828 QWAVE - ok
09:37:04.0520 7828 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:37:04.0520 7828 QWAVEdrv - ok
09:37:04.0535 7828 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:37:04.0535 7828 RasAcd - ok
09:37:04.0551 7828 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:37:04.0551 7828 RasAgileVpn - ok
09:37:04.0551 7828 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:37:04.0551 7828 RasAuto - ok
09:37:04.0567 7828 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:37:04.0567 7828 Rasl2tp - ok
09:37:04.0598 7828 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:37:04.0598 7828 RasMan - ok
09:37:04.0613 7828 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:37:04.0613 7828 RasPppoe - ok
09:37:04.0629 7828 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:37:04.0629 7828 RasSstp - ok
09:37:04.0629 7828 rca - ok
09:37:04.0645 7828 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:37:04.0645 7828 rdbss - ok
09:37:04.0645 7828 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:37:04.0645 7828 rdpbus - ok
09:37:04.0676 7828 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:37:04.0676 7828 RDPCDD - ok
09:37:04.0691 7828 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:37:04.0707 7828 RDPDR - ok
09:37:04.0723 7828 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:37:04.0723 7828 RDPENCDD - ok
09:37:04.0723 7828 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:37:04.0723 7828 RDPREFMP - ok
09:37:04.0738 7828 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:37:04.0754 7828 RDPWD - ok
09:37:04.0785 7828 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:37:04.0785 7828 rdyboost - ok
09:37:04.0816 7828 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:37:04.0816 7828 RemoteAccess - ok
09:37:04.0816 7828 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:37:04.0832 7828 RemoteRegistry - ok
09:37:04.0863 7828 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
09:37:04.0863 7828 RichVideo - ok
09:37:04.0894 7828 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
09:37:04.0894 7828 RimUsb - ok
09:37:04.0925 7828 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
09:37:04.0925 7828 RimVSerPort - ok
09:37:04.0941 7828 riomsc - ok
09:37:04.0957 7828 rismxdp - ok
09:37:04.0972 7828 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:37:04.0972 7828 ROOTMODEM - ok
09:37:04.0972 7828 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:37:04.0972 7828 RpcEptMapper - ok
09:37:04.0988 7828 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:37:04.0988 7828 RpcLocator - ok
09:37:05.0003 7828 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:37:05.0003 7828 RpcSs - ok
09:37:05.0019 7828 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:37:05.0019 7828 rspndr - ok
09:37:05.0035 7828 rupsmon - ok
09:37:05.0035 7828 s117mdfl - ok
09:37:05.0050 7828 s125bus - ok
09:37:05.0050 7828 s217unic - ok
09:37:05.0081 7828 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:37:05.0081 7828 s3cap - ok
09:37:05.0097 7828 s616mgmt - ok
09:37:05.0175 7828 SABKUTIL - ok
09:37:05.0175 7828 SaiNtHid - ok
09:37:05.0175 7828 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:37:05.0191 7828 SamSs - ok
09:37:05.0206 7828 sandboxu - ok
09:37:05.0237 7828 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:37:05.0237 7828 sbp2port - ok
09:37:05.0253 7828 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:37:05.0253 7828 SCardSvr - ok
09:37:05.0269 7828 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:37:05.0269 7828 scfilter - ok
09:37:05.0315 7828 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:37:05.0315 7828 Schedule - ok
09:37:05.0331 7828 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:37:05.0331 7828 SCPolicySvc - ok
09:37:05.0362 7828 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:37:05.0362 7828 SDRSVC - ok
09:37:05.0378 7828 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:37:05.0378 7828 secdrv - ok
09:37:05.0393 7828 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:37:05.0393 7828 seclogon - ok
09:37:05.0409 7828 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:37:05.0425 7828 SENS - ok
09:37:05.0440 7828 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:37:05.0440 7828 SensrSvc - ok
09:37:05.0456 7828 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:37:05.0456 7828 Serenum - ok
09:37:05.0456 7828 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:37:05.0456 7828 Serial - ok
09:37:05.0471 7828 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:37:05.0471 7828 sermouse - ok
09:37:05.0503 7828 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:37:05.0503 7828 SessionEnv - ok
09:37:05.0534 7828 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:37:05.0549 7828 sffdisk - ok
09:37:05.0549 7828 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:37:05.0549 7828 sffp_mmc - ok
09:37:05.0549 7828 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:37:05.0549 7828 sffp_sd - ok
09:37:05.0565 7828 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:37:05.0565 7828 sfloppy - ok
09:37:05.0596 7828 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:37:05.0596 7828 SharedAccess - ok
09:37:05.0612 7828 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:37:05.0612 7828 ShellHWDetection - ok
09:37:05.0643 7828 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:37:05.0643 7828 sisagp - ok
09:37:05.0659 7828 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:37:05.0659 7828 SiSRaid2 - ok
09:37:05.0659 7828 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:37:05.0659 7828 SiSRaid4 - ok
09:37:05.0705 7828 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:37:05.0705 7828 SkypeUpdate - ok
09:37:05.0721 7828 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:37:05.0721 7828 Smb - ok
09:37:05.0737 7828 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:37:05.0737 7828 SNMPTRAP - ok
09:37:05.0752 7828 sonywbms - ok
09:37:05.0752 7828 sparrow - ok
09:37:05.0768 7828 spbbcdrv - ok
09:37:05.0783 7828 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:37:05.0783 7828 spldr - ok
09:37:05.0783 7828 spmd - ok
09:37:05.0815 7828 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:37:05.0830 7828 Spooler - ok
09:37:05.0908 7828 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:37:05.0924 7828 sppsvc - ok
09:37:05.0955 7828 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:37:05.0955 7828 sppuinotify - ok
09:37:05.0971 7828 SQLAgent$MICROSOFTBCM - ok
09:37:06.0017 7828 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:37:06.0017 7828 srv - ok
09:37:06.0033 7828 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:37:06.0033 7828 srv2 - ok
09:37:06.0049 7828 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:37:06.0049 7828 srvnet - ok
09:37:06.0064 7828 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:37:06.0064 7828 SSDPSRV - ok
09:37:06.0080 7828 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:37:06.0080 7828 SstpSvc - ok
09:37:06.0095 7828 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:37:06.0095 7828 stexstor - ok
09:37:06.0095 7828 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:37:06.0095 7828 StillCam - ok
09:37:06.0127 7828 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:37:06.0142 7828 StiSvc - ok
09:37:06.0173 7828 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:37:06.0173 7828 storflt - ok
09:37:06.0189 7828 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
09:37:06.0189 7828 StorSvc - ok
09:37:06.0205 7828 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:37:06.0205 7828 storvsc - ok
09:37:06.0220 7828 susbser - ok
09:37:06.0220 7828 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:37:06.0220 7828 swenum - ok
09:37:06.0251 7828 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:37:06.0251 7828 swprv - ok
09:37:06.0251 7828 symantecantibotdriver - ok
09:37:06.0298 7828 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:37:06.0314 7828 SysMain - ok
09:37:06.0345 7828 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:37:06.0345 7828 TabletInputService - ok
09:37:06.0376 7828 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:37:06.0376 7828 TapiSrv - ok
09:37:06.0407 7828 [ 5D8C820E2D885C25FFC6BBC5D4FE073C ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
09:37:06.0407 7828 tbhsd - ok
09:37:06.0423 7828 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:37:06.0423 7828 TBS - ok
09:37:06.0439 7828 TClass2k - ok
09:37:06.0485 7828 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:37:06.0485 7828 Tcpip - ok
09:37:06.0532 7828 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:37:06.0532 7828 TCPIP6 - ok
09:37:06.0548 7828 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:37:06.0548 7828 tcpipreg - ok
09:37:06.0579 7828 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:37:06.0579 7828 TDPIPE - ok
09:37:06.0610 7828 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:37:08.0779 7828 ================ Scan global ===============================
09:37:08.0794 7828 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:37:08.0825 7828 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:37:08.0825 7828 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:37:08.0841 7828 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:37:08.0857 7828 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:37:08.0857 7828 [Global] - ok
09:37:08.0857 7828 ================ Scan MBR ==================================
09:37:08.0872 7828 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:37:09.0044 7828 \Device\Harddisk0\DR0 - ok
09:37:09.0059 7828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:37:11.0415 7828 \Device\Harddisk1\DR1 - ok
09:37:11.0415 7828 ================ Scan VBR ==================================
09:37:11.0431 7828 [ D8B6E720B2FA6BB796E01E58F775F07E ] \Device\Harddisk0\DR0\Partition1
09:37:11.0431 7828 \Device\Harddisk0\DR0\Partition1 - ok
09:37:11.0431 7828 [ E67A7DC82D0DCD752F61C7A7987DC4EB ] \Device\Harddisk0\DR0\Partition2
09:37:11.0446 7828 \Device\Harddisk0\DR0\Partition2 - ok
09:37:11.0446 7828 [ DAB23D81A3BBA37D44CE166429F72259 ] \Device\Harddisk1\DR1\Partition1
09:37:11.0446 7828 \Device\Harddisk1\DR1\Partition1 - ok
09:37:11.0446 7828 ============================================================
09:37:11.0446 7828 Scan finished
09:37:11.0446 7828 ============================================================
09:37:11.0462 2064 Detected object count: 0
09:37:11.0462 2064 Actual detected object count: 0
09:38:20.0151 1908 Deinitialize success

09:36:51.0073 0476 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:36:51.0353 0476 ============================================================
09:36:51.0353 0476 Current date / time: 2012/09/23 09:36:51.0353
09:36:51.0353 0476 SystemInfo:
09:36:51.0353 0476
09:36:51.0353 0476 OS Version: 6.1.7601 ServicePack: 1.0
09:36:51.0353 0476 Product type: Workstation
09:36:51.0353 0476 ComputerName: GEORGEMALZ-PC
09:36:51.0353 0476 UserName: George Malz
09:36:51.0353 0476 Windows directory: C:\Windows
09:36:51.0353 0476 System windows directory: C:\Windows
09:36:51.0353 0476 Processor architecture: Intel x86
09:36:51.0353 0476 Number of processors: 4
09:36:51.0353 0476 Page size: 0x1000
09:36:51.0353 0476 Boot type: Normal boot
09:36:51.0353 0476 ============================================================
09:36:52.0274 0476 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:36:52.0305 0476 Drive \Device\Harddisk1\DR1 - Size: 0xE8A5B0000 (58.16 Gb), SectorSize: 0x200, Cylinders: 0x1DA8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:36:52.0305 0476 ============================================================
09:36:52.0305 0476 \Device\Harddisk0\DR0:
09:36:52.0305 0476 MBR partitions:
09:36:52.0305 0476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:36:52.0305 0476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
09:36:52.0305 0476 \Device\Harddisk1\DR1:
09:36:52.0305 0476 MBR partitions:
09:36:52.0305 0476 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x7450E00
09:36:52.0305 0476 ============================================================
09:36:52.0336 0476 C: <-> \Device\Harddisk0\DR0\Partition2
09:36:52.0336 0476 ============================================================
09:36:52.0336 0476 Initialize success
09:36:52.0336 0476 ============================================================
09:36:55.0706 7828 ============================================================
09:36:55.0706 7828 Scan started
09:36:55.0706 7828 Mode: Manual;
09:36:55.0706 7828 ============================================================
09:36:56.0782 7828 ================ Scan system memory ========================
09:36:56.0782 7828 System memory - ok
09:36:56.0782 7828 ================ Scan services =============================
09:37:00.0947 7828 i8042prt - ok
09:37:00.0963 7828 iaimfp2 - ok
09:37:00.0994 7828 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:37:00.0994 7828 iaStorV - ok
09:37:01.0025 7828 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:37:01.0041 7828 idsvc - ok
09:37:01.0041 7828 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:37:01.0041 7828 iirsp - ok
09:37:01.0072 7828 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:37:01.0072 7828 IKEEXT - ok
09:37:01.0088 7828 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:37:01.0088 7828 intelide - ok
09:37:01.0103 7828 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:37:01.0103 7828 intelppm - ok
09:37:01.0119 7828 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:37:01.0119 7828 IPBusEnum - ok
09:37:01.0119 7828 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:37:01.0119 7828 IpFilterDriver - ok
09:37:01.0150 7828 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:37:01.0150 7828 iphlpsvc - ok
09:37:01.0166 7828 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:37:01.0166 7828 IPMIDRV - ok
09:37:01.0181 7828 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:37:01.0181 7828 IPNAT - ok
09:37:01.0228 7828 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:37:01.0244 7828 iPod Service - ok
09:37:01.0244 7828 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:37:01.0244 7828 IRENUM - ok
09:37:01.0259 7828 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:37:01.0259 7828 isapnp - ok
09:37:01.0275 7828 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:37:01.0275 7828 iScsiPrt - ok
09:37:01.0275 7828 ispwdsvc - ok
09:37:01.0291 7828 jobserver_report - ok
09:37:01.0306 7828 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:37:01.0306 7828 kbdclass - ok
09:37:01.0322 7828 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:37:01.0322 7828 kbdhid - ok
09:37:01.0322 7828 kbfiltr - ok
09:37:01.0337 7828 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:37:01.0337 7828 KeyIso - ok
09:37:01.0337 7828 KMWDFilter - ok
09:37:01.0337 7828 KR3NPXP - ok
09:37:01.0353 7828 kraidsvc - ok
09:37:01.0384 7828 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:37:01.0384 7828 KSecDD - ok
09:37:01.0400 7828 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:37:01.0415 7828 KSecPkg - ok
09:37:01.0415 7828 kservice - ok
09:37:01.0431 7828 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:37:01.0431 7828 KtmRm - ok
09:37:01.0462 7828 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:37:01.0462 7828 LanmanServer - ok
09:37:01.0462 7828 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:37:01.0478 7828 LanmanWorkstation - ok
09:37:01.0493 7828 LC7981 - ok
09:37:01.0509 7828 LEX_AS_NIC_SERVICE_YNOS - ok
09:37:01.0509 7828 lhidflt2 - ok
09:37:01.0509 7828 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:37:01.0509 7828 lltdio - ok
09:37:01.0525 7828 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:37:01.0540 7828 lltdsvc - ok
09:37:01.0556 7828 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:37:01.0556 7828 lmhosts - ok
09:37:01.0556 7828 LMouFilt - ok
09:37:01.0587 7828 LoopBeMidi1 - ok
09:37:01.0603 7828 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:37:01.0603 7828 LSI_FC - ok
09:37:01.0618 7828 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:37:01.0618 7828 LSI_SAS - ok
09:37:01.0634 7828 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:37:01.0634 7828 LSI_SAS2 - ok
09:37:01.0649 7828 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:37:01.0649 7828 LSI_SCSI - ok
09:37:01.0649 7828 ltxred - ok
09:37:01.0665 7828 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:37:01.0665 7828 luafv - ok
09:37:01.0681 7828 lxbs_device - ok
09:37:01.0681 7828 mapserver6.3 - ok
09:37:01.0727 7828 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:37:01.0727 7828 MBAMProtector - ok
09:37:01.0774 7828 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:37:01.0790 7828 MBAMScheduler - ok
09:37:01.0805 7828 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:37:01.0805 7828 MBAMService - ok
09:37:01.0821 7828 mcvsrte - ok
09:37:01.0852 7828 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:37:01.0852 7828 Mcx2Svc - ok
09:37:01.0852 7828 mdmxsdk - ok
09:37:01.0868 7828 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:37:01.0868 7828 megasas - ok
09:37:01.0883 7828 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:37:01.0883 7828 MegaSR - ok
09:37:01.0899 7828 mgabgexe - ok
09:37:01.0946 7828 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:37:01.0946 7828 Microsoft Office Groove Audit Service - ok
09:37:01.0961 7828 mindrepair - ok
09:37:01.0977 7828 mksupdateint - ok
09:37:01.0977 7828 mks_scan - ok
09:37:01.0977 7828 mldserv - ok
09:37:01.0993 7828 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:37:02.0008 7828 MMCSS - ok
09:37:02.0008 7828 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:37:02.0008 7828 Modem - ok
09:37:02.0039 7828 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:37:02.0039 7828 monitor - ok
09:37:02.0071 7828 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:37:02.0071 7828 mouclass - ok
09:37:02.0086 7828 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:37:02.0086 7828 mouhid - ok
09:37:02.0117 7828 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:37:02.0117 7828 mountmgr - ok
09:37:02.0133 7828 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:37:02.0133 7828 mpio - ok
09:37:02.0149 7828 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:37:02.0149 7828 mpsdrv - ok
09:37:02.0211 7828 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:37:02.0211 7828 MpsSvc - ok
09:37:02.0227 7828 mraid35x - ok
09:37:02.0258 7828 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:37:02.0258 7828 MRxDAV - ok
09:37:02.0289 7828 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:37:02.0289 7828 mrxsmb - ok
09:37:02.0320 7828 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:37:02.0336 7828 mrxsmb10 - ok
09:37:02.0336 7828 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:37:02.0336 7828 mrxsmb20 - ok
09:37:02.0351 7828 MS1000 - ok
09:37:02.0351 7828 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:37:02.0351 7828 msahci - ok
09:37:02.0383 7828 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:37:02.0383 7828 msdsm - ok
09:37:02.0398 7828 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:37:02.0398 7828 MSDTC - ok
09:37:02.0429 7828 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:37:02.0429 7828 Msfs - ok
09:37:02.0429 7828 msftpsvc - ok
09:37:02.0445 7828 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:37:02.0445 7828 mshidkmdf - ok
09:37:02.0461 7828 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:37:02.0461 7828 msisadrv - ok
09:37:02.0492 7828 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:37:02.0492 7828 MSiSCSI - ok
09:37:02.0492 7828 msiserver - ok
09:37:02.0507 7828 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:37:02.0507 7828 MSKSSRV - ok
09:37:02.0523 7828 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:37:02.0523 7828 MSPCLOCK - ok
09:37:02.0539 7828 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:37:02.0539 7828 MSPQM - ok
09:37:02.0554 7828 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:37:02.0554 7828 MsRPC - ok
09:37:02.0570 7828 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:37:02.0570 7828 mssmbios - ok
09:37:02.0570 7828 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:37:02.0570 7828 MSTEE - ok
09:37:02.0585 7828 MTC0001_ESB - ok
09:37:02.0601 7828 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:37:02.0601 7828 MTConfig - ok
09:37:02.0617 7828 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:37:02.0617 7828 Mup - ok
09:37:02.0617 7828 mwssched - ok
09:37:02.0632 7828 mwstick - ok
09:37:02.0648 7828 mxserver - ok
09:37:02.0695 7828 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:37:02.0695 7828 napagent - ok
09:37:02.0726 7828 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:37:02.0726 7828 NativeWifiP - ok
09:37:02.0773 7828 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:37:02.0773 7828 NDIS - ok
09:37:02.0788 7828 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:37:02.0788 7828 NdisCap - ok
09:37:02.0804 7828 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:37:02.0804 7828 NdisTapi - ok
09:37:02.0835 7828 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:37:02.0835 7828 Ndisuio - ok
09:37:02.0866 7828 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:37:02.0866 7828 NdisWan - ok
09:37:02.0882 7828 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:37:02.0882 7828 NDProxy - ok
09:37:02.0882 7828 neokdss - ok
09:37:02.0897 7828 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:37:02.0897 7828 NetBIOS - ok
09:37:02.0929 7828 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:37:02.0929 7828 NetBT - ok
09:37:02.0944 7828 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:37:02.0944 7828 Netlogon - ok
09:37:02.0975 7828 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:37:02.0975 7828 Netman - ok
09:37:02.0991 7828 NetMsmqActivator - ok
09:37:03.0007 7828 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:37:03.0007 7828 netprofm - ok
09:37:03.0022 7828 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:37:03.0022 7828 NetTcpPortSharing - ok
09:37:03.0038 7828 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:37:03.0038 7828 nfrd960 - ok
09:37:03.0053 7828 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:37:03.0053 7828 NlaSvc - ok
09:37:03.0100 7828 [ 0E58F99692802C501454EAC3D2AC3394 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
09:37:03.0100 7828 nosGetPlusHelper - ok
09:37:03.0100 7828 npapimon - ok
09:37:03.0116 7828 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:37:03.0131 7828 Npfs - ok
09:37:03.0147 7828 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:37:03.0147 7828 nsi - ok
09:37:03.0163 7828 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:37:03.0163 7828 nsiproxy - ok
09:37:03.0194 7828 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:37:03.0225 7828 Ntfs - ok
09:37:03.0241 7828 ntsyslog - ok
09:37:03.0256 7828 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:37:03.0256 7828 Null - ok
09:37:03.0287 7828 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
09:37:03.0287 7828 NVENETFD - ok
09:37:03.0459 7828 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:37:03.0521 7828 nvlddmkm - ok
09:37:03.0537 7828 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:37:03.0537 7828 nvraid - ok
09:37:03.0568 7828 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:37:03.0568 7828 nvstor - ok
09:37:03.0584 7828 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:37:03.0584 7828 nv_agp - ok
09:37:03.0599 7828 nwlnkfwd - ok
09:37:03.0646 7828 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:37:03.0646 7828 odserv - ok
09:37:03.0677 7828 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:37:03.0677 7828 ohci1394 - ok
09:37:03.0693 7828 om518p - ok
09:37:03.0709 7828 oraclemtsrecoveryservice - ok
09:37:03.0724 7828 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:37:03.0724 7828 ose - ok
09:37:03.0771 7828 [ 257190D58444732B68919C573368B64D ] OXSDIDRV_x32 C:\Windows\system32\DRIVERS\OXSDIDRV_x32.sys
09:37:03.0771 7828 OXSDIDRV_x32 - ok
09:37:03.0818 7828 [ 8F534A8630F6BABA92E14531F96906CD ] OXUDIDRV C:\Windows\system32\Drivers\OXUDIDRV_X32.sys
09:37:03.0818 7828 OXUDIDRV - ok
09:37:03.0833 7828 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:37:03.0833 7828 p2pimsvc - ok
09:37:03.0849 7828 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:37:03.0849 7828 p2psvc - ok
09:37:03.0865 7828 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:37:03.0865 7828 Parport - ok
09:37:03.0896 7828 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:37:03.0911 7828 partmgr - ok
09:37:03.0911 7828 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:37:03.0911 7828 Parvdm - ok
09:37:03.0927 7828 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:37:03.0943 7828 PcaSvc - ok
09:37:03.0943 7828 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:37:03.0958 7828 pci - ok
09:37:03.0958 7828 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:37:03.0958 7828 pciide - ok
09:37:03.0974 7828 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:37:03.0974 7828 pcmcia - ok
09:37:03.0989 7828 pcouffin - ok
09:37:03.0989 7828 pcradminserver - ok
09:37:04.0005 7828 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:37:04.0005 7828 pcw - ok
09:37:04.0036 7828 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:37:04.0036 7828 PEAUTH - ok
09:37:04.0067 7828 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:37:04.0083 7828 PeerDistSvc - ok
09:37:04.0099 7828 pinger - ok
09:37:04.0161 7828 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:37:04.0161 7828 pla - ok
09:37:04.0208 7828 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:37:04.0208 7828 PlugPlay - ok
09:37:04.0223 7828 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:37:04.0223 7828 PNRPAutoReg - ok
09:37:04.0239 7828 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:37:04.0239 7828 PNRPsvc - ok
09:37:04.0255 7828 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:37:04.0270 7828 PolicyAgent - ok
09:37:04.0286 7828 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:37:04.0286 7828 Power - ok
09:37:04.0301 7828 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:37:04.0301 7828 PptpMiniport - ok
09:37:04.0317 7828 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:37:04.0317 7828 Processor - ok
09:37:04.0348 7828 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:37:04.0348 7828 ProfSvc - ok
09:37:04.0364 7828 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:37:04.0364 7828 ProtectedStorage - ok
09:37:04.0379 7828 proxyhostmirrordisplay - ok
09:37:04.0411 7828 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:37:04.0411 7828 Psched - ok
09:37:04.0426 7828 qhwscsvc - ok
09:37:04.0457 7828 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:37:04.0473 7828 ql2300 - ok
09:37:04.0489 7828 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:37:04.0489 7828 ql40xx - ok
09:37:04.0504 7828 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:37:04.0520 7828 QWAVE - ok
09:37:04.0520 7828 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:37:04.0520 7828 QWAVEdrv - ok
09:37:04.0535 7828 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:37:04.0535 7828 RasAcd - ok
09:37:04.0551 7828 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:37:04.0551 7828 RasAgileVpn - ok
09:37:04.0551 7828 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:37:04.0551 7828 RasAuto - ok
09:37:04.0567 7828 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:37:04.0567 7828 Rasl2tp - ok
09:37:04.0598 7828 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:37:04.0598 7828 RasMan - ok
09:37:04.0613 7828 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:37:04.0613 7828 RasPppoe - ok
09:37:04.0629 7828 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:37:04.0629 7828 RasSstp - ok
09:37:04.0629 7828 rca - ok
09:37:04.0645 7828 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:37:04.0645 7828 rdbss - ok
09:37:04.0645 7828 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:37:04.0645 7828 rdpbus - ok
09:37:04.0676 7828 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:37:04.0676 7828 RDPCDD - ok
09:37:04.0691 7828 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:37:04.0707 7828 RDPDR - ok
09:37:04.0723 7828 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:37:04.0723 7828 RDPENCDD - ok
09:37:04.0723 7828 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:37:04.0723 7828 RDPREFMP - ok
09:37:04.0738 7828 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:37:04.0754 7828 RDPWD - ok
09:37:04.0785 7828 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:37:04.0785 7828 rdyboost - ok
09:37:04.0816 7828 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:37:04.0816 7828 RemoteAccess - ok
09:37:04.0816 7828 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:37:04.0832 7828 RemoteRegistry - ok
09:37:04.0863 7828 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
09:37:04.0863 7828 RichVideo - ok
09:37:04.0894 7828 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
09:37:04.0894 7828 RimUsb - ok
09:37:04.0925 7828 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
09:37:04.0925 7828 RimVSerPort - ok
09:37:04.0941 7828 riomsc - ok
09:37:04.0957 7828 rismxdp - ok
09:37:04.0972 7828 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:37:04.0972 7828 ROOTMODEM - ok
09:37:04.0972 7828 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:37:04.0972 7828 RpcEptMapper - ok
09:37:04.0988 7828 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:37:04.0988 7828 RpcLocator - ok
09:37:05.0003 7828 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:37:05.0003 7828 RpcSs - ok
09:37:05.0019 7828 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:37:05.0019 7828 rspndr - ok
09:37:05.0035 7828 rupsmon - ok
09:37:05.0035 7828 s117mdfl - ok
09:37:05.0050 7828 s125bus - ok
09:37:05.0050 7828 s217unic - ok
09:37:05.0081 7828 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:37:05.0081 7828 s3cap - ok
09:37:05.0097 7828 s616mgmt - ok
09:37:05.0175 7828 SABKUTIL - ok
09:37:05.0175 7828 SaiNtHid - ok
09:37:05.0175 7828 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:37:05.0191 7828 SamSs - ok
09:37:05.0206 7828 sandboxu - ok
09:37:05.0237 7828 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:37:05.0237 7828 sbp2port - ok
09:37:05.0253 7828 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:37:05.0253 7828 SCardSvr - ok
09:37:05.0269 7828 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:37:05.0269 7828 scfilter - ok
09:37:05.0315 7828 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:37:05.0315 7828 Schedule - ok
09:37:05.0331 7828 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:37:05.0331 7828 SCPolicySvc - ok
09:37:05.0362 7828 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:37:05.0362 7828 SDRSVC - ok
09:37:05.0378 7828 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:37:05.0378 7828 secdrv - ok
09:37:05.0393 7828 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:37:05.0393 7828 seclogon - ok
09:37:05.0409 7828 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:37:05.0425 7828 SENS - ok
09:37:05.0440 7828 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:37:05.0440 7828 SensrSvc - ok
09:37:05.0456 7828 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:37:05.0456 7828 Serenum - ok
09:37:05.0456 7828 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:37:05.0456 7828 Serial - ok
09:37:05.0471 7828 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:37:05.0471 7828 sermouse - ok
09:37:05.0503 7828 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:37:05.0503 7828 SessionEnv - ok
09:37:05.0534 7828 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:37:05.0549 7828 sffdisk - ok
09:37:05.0549 7828 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:37:05.0549 7828 sffp_mmc - ok
09:37:05.0549 7828 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:37:05.0549 7828 sffp_sd - ok
09:37:05.0565 7828 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:37:05.0565 7828 sfloppy - ok
09:37:05.0596 7828 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:37:05.0596 7828 SharedAccess - ok
09:37:05.0612 7828 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:37:05.0612 7828 ShellHWDetection - ok
09:37:05.0643 7828 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:37:05.0643 7828 sisagp - ok
09:37:05.0659 7828 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:37:05.0659 7828 SiSRaid2 - ok
09:37:05.0659 7828 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:37:05.0659 7828 SiSRaid4 - ok
09:37:05.0705 7828 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:37:05.0705 7828 SkypeUpdate - ok
09:37:05.0721 7828 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:37:05.0721 7828 Smb - ok
09:37:05.0737 7828 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:37:05.0737 7828 SNMPTRAP - ok
09:37:05.0752 7828 sonywbms - ok
09:37:05.0752 7828 sparrow - ok
09:37:05.0768 7828 spbbcdrv - ok
09:37:05.0783 7828 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:37:05.0783 7828 spldr - ok
09:37:05.0783 7828 spmd - ok
09:37:05.0815 7828 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:37:05.0830 7828 Spooler - ok
09:37:05.0908 7828 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:37:05.0924 7828 sppsvc - ok
09:37:05.0955 7828 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:37:05.0955 7828 sppuinotify - ok
09:37:05.0971 7828 SQLAgent$MICROSOFTBCM - ok
09:37:06.0017 7828 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:37:06.0017 7828 srv - ok
09:37:06.0033 7828 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:37:06.0033 7828 srv2 - ok
09:37:06.0049 7828 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:37:06.0049 7828 srvnet - ok
09:37:06.0064 7828 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:37:06.0064 7828 SSDPSRV - ok
09:37:06.0080 7828 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:37:06.0080 7828 SstpSvc - ok
09:37:06.0095 7828 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:37:06.0095 7828 stexstor - ok
09:37:06.0095 7828 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:37:06.0095 7828 StillCam - ok
09:37:06.0127 7828 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:37:06.0142 7828 StiSvc - ok
09:37:06.0173 7828 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:37:06.0173 7828 storflt - ok
09:37:11.0446 7828 ============================================================
09:37:11.0446 7828 Scan finished
09:37:11.0446 7828 ============================================================
09:37:11.0462 2064 Detected object count: 0
09:37:11.0462 2064 Actual detected object count: 0
09:38:20.0151 1908 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 10:19:36
-----------------------------
10:19:36.406 OS Version: Windows 6.1.7601 Service Pack 1
10:19:36.406 Number of processors: 4 586 0xF0B
10:19:36.406 ComputerName: GEORGEMALZ-PC UserName: George Malz
10:19:38.684 Initialize success
10:21:41.377 AVAST engine defs: 12092300
10:24:45.956 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
10:24:45.956 Disk 0 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
10:24:45.972 Disk 0 MBR read successfully
10:24:45.972 Disk 0 MBR scan
10:24:45.972 Disk 0 Windows 7 default MBR code
10:24:45.988 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:24:45.988 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:24:46.003 Disk 0 scanning sectors +976771072
10:24:46.081 Disk 0 scanning C:\Windows\system32\drivers
10:24:55.363 Service scanning
10:25:12.476 Modules scanning
10:25:16.922 Disk 0 trace - called modules:
10:25:16.938 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
10:25:17.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864bd3a8]
10:25:17.437 3 CLASSPNP.SYS[8a86d59e] -> nt!IofCallDriver -> [0x85462f08]
10:25:17.437 5 ACPI.sys[8a0c03d4] -> nt!IofCallDriver -> \Device\0000005f[0x85462920]
10:25:18.467 AVAST engine scan C:\Windows
10:25:20.432 AVAST engine scan C:\Windows\system32
10:27:51.440 AVAST engine scan C:\Windows\system32\drivers
10:28:04.529 AVAST engine scan C:\Users\George Malz
10:30:50.919 Disk 0 MBR has been saved successfully to "C:\Users\George Malz\Desktop\MBR.dat"
10:30:50.935 The log file has been saved successfully to "C:\Users\George Malz\Desktop\aswMBR.txt"

#8 adamsapple

Posted 24 September 2012 - 06:21 PM

Sorry to keep bugging you Gringo, just wondering are you continuing with my computer after all, if so I would like to tell you that I am getting the blue screens and sudden shutdowns more frequently now... all this started when we started this analysis of the computer ... should I do something or is everything alright.

George

#9 adamsapple

Posted 27 September 2012 - 08:02 AM

Hello Gringo, my browser windows are now shutting down when I try to go to a site. I was going to send this from another computer but for some reason it is working but I could not send emails from 2 gmail windows or Explorer shutdown and I could not look at this web page http://www.theweathernetwork.com/weather/CAON0441?ie9pinning=ture or explorer shut down + I am getting blue windows and windows is shutting down ... Please help ... are you still working on my topic?

#10 gringo_pr

Posted 28 September 2012 - 09:22 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Orange Blossom

Posted 28 September 2012 - 09:28 PM

Topic moved to proper forum.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#12 gringo_pr

Posted 28 September 2012 - 09:31 PM

Thank you orange and adam see post 10


Gringo

#13 adamsapple

Posted 28 September 2012 - 09:52 PM

ComboFix 12-09-27.03 - George Malz 28/09/2012 22:42:07.15.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2558.1635 [GMT -4:00]
Running from: c:\users\George Malz\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 02:48 . 2012-09-29 02:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-29 02:48 . 2012-09-29 02:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 02:48 . 2012-09-29 02:48 -------- d-----w- c:\users\AlexanderNatalia\AppData\Local\temp
2012-09-28 06:47 . 2012-09-29 00:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC9BBCC3-36A7-4E85-A41D-647CBA7F3C85}\offreg.dll
2012-09-28 06:46 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC9BBCC3-36A7-4E85-A41D-647CBA7F3C85}\mpengine.dll
2012-09-26 01:36 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 16:08 . 2012-09-24 16:08 -------- d-----w- c:\program files\Common Files\xing shared
2012-09-23 13:46 . 2012-09-23 13:46 -------- d-----w- c:\users\George Malz\AppData\Roaming\Canon
2012-09-13 19:55 . 2012-09-13 19:55 -------- d-----w- c:\program files\Microsoft
2012-09-13 19:55 . 2012-09-13 19:55 -------- d-----w- c:\program files\Common Files\Skype
2012-09-12 06:26 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 06:26 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 06:26 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:26 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 06:26 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:26 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 16:08 . 2010-10-01 20:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-24 16:08 . 2010-10-01 20:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 21:04 . 2011-02-21 20:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 17:47 . 2012-08-15 05:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 05:59 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 05:59 102912 ----a-w- c:\windows\system32\browser.dll
2011-06-16 04:17 . 2011-07-10 02:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-09 39408]
"cdloader"="c:\users\George Malz\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-07 210216]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-03-25 329312]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-24 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^George Malz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\George Malz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-30 02:14 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
R1 SABKUTIL;SABKUTIL;c:\users\George Malz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0A3FDPT\SASKUTIL.SYS [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 pcouffin;Exportit;c:\windows\system32\svchost.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000Core.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000UA.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60323
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{302A1E2E-DD58-4673-BC99-9CC10EC2637A} - c:\progra~2\INSTAL~1\{302A1~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,72,70,5d,3d,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,be,18,2c,fd,73,d6,4a,a7,c9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,be,18,2c,fd,73,d6,4a,a7,c9,fc,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-28 22:49:51
ComboFix-quarantined-files.txt 2012-09-29 02:49
.
Pre-Run: 88,639,119,360 bytes free
Post-Run: 88,451,305,472 bytes free
.
- - End Of File - - F07C3B8ECACD07A2436EEA47EC5CB2A2

#14 gringo_pr

Posted 28 September 2012 - 10:32 PM

I have uploaded a file. I want you to download it to the desktop, right-click on it, and run it as admin.

If asked to merge, please allow.

Restart the computer and then rerun ComboFix for me.

Attached Files


#15 adamsapple

Posted 29 September 2012 - 07:22 AM

When I right-click on the software, there is no option to run as administrator, but there is an option saying Merge. What should I do? Is there any other way to run as administrator?



