Google Searches Redirected; Windows Updates Fail; Random Audio Plays


  • This topic is locked
19 replies to this topic

#1 voxanomaly

Posted 23 September 2012 - 01:33 PM

My symptoms:

1. Clicking on result links of Google searches re-directed to another crude list of search results;
2. Windows updates fail;
3. Random audio plays; and
4. Constant Malwarebytes Anti-Malware notifications that it's blocking outbound comms to "a potentially malicious website" with IPs in the range of 112.175.234.21 - 24 at various ports with an ever-increasing range from 5xxxx on up (I installed Malwarebytes after I began to experience the first three problems).

DDS.txt Contents:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Phillip at 14:04:35 on 2012-09-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8181.5397 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\SysWoW64\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Garmin\Training Center\gStart.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [Akamai NetSession Interface] "C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe"
uRun: [HP Photosmart 5510d series (NET)] "C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AS1B92H05RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
uRun: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [FAStartup]
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
dRun: [Task Scheduler] "C:\Windows\system32\config\systemprofile\AppData\Roaming\Task Scheduler\Task Scheduler.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with WordPerfect
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{10B3D98C-1874-46BC-B263-4E7B72C1E789} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C42F895-100D-42F4-9BD1-FCCF8BE30242} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C42F895-100D-42F4-9BD1-FCCF8BE30242}\1417571635861627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C42F895-100D-42F4-9BD1-FCCF8BE30242}\34963736F62323138393 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C42F895-100D-42F4-9BD1-FCCF8BE30242}\7363143525 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C42F895-100D-42F4-9BD1-FCCF8BE30242}\841647F627968416E637F6D27657563747 : DhcpNameServer = 68.87.73.246 68.87.71.230
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [FAStartup]
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 gzflt;gzflt;C:\Windows\system32\DRIVERS\gzflt.sys --> C:\Windows\system32\DRIVERS\gzflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-9-14 103504]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2012-4-27 5349552]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-19 676936]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-9-14 68416]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-9-9 927840]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-25 250568]
S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
S3 BDSandBox;BDSandBox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-27 79360]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-5-27 79360]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-09-23 17:18:29 641 ----a-w- C:\ProgramData\vefibaa.tmp
2012-09-23 17:18:29 631 ----a-w- C:\ProgramData\uefibaa.tmp
2012-09-20 01:56:38 640 ----a-w- C:\ProgramData\clktaaa.tmp
2012-09-20 01:21:46 874 ----a-w- C:\ProgramData\dlktaaa.tmp
2012-09-20 00:19:35 890 ----a-w- C:\ProgramData\hzotaaa.tmp
2012-09-20 00:19:28 888 ----a-w- C:\ProgramData\gzotaaa.tmp
2012-09-19 23:34:35 929 ----a-w- C:\ProgramData\ohpkbaa.tmp
2012-09-19 22:49:34 -------- d-----w- C:\Users\Phillip\AppData\Roaming\Malwarebytes
2012-09-19 22:49:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-19 22:49:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-19 22:49:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-14 21:33:37 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2012-09-14 21:04:42 1000279 ----a-w- C:\ProgramData\1347655408.bdinstall.bin
2012-09-14 21:03:17 -------- d-----w- C:\ProgramData\BDLogging
2012-09-14 21:02:54 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2012-09-14 21:02:54 511328 ----a-w- C:\Windows\capicom.dll
2012-09-14 21:02:50 577248 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-09-14 21:02:50 258736 ----a-w- C:\Windows\System32\drivers\avchv.sys
2012-09-14 21:02:49 700384 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-09-14 20:49:51 -------- d-----w- C:\Users\Phillip\AppData\Roaming\Bitdefender
2012-09-14 20:49:49 -------- d-----w- C:\ProgramData\Bitdefender
2012-09-14 20:48:48 -------- d-----w- C:\Users\Phillip\AppData\Roaming\QuickScan
2012-09-14 20:44:41 350160 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-09-14 20:44:41 138232 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2012-09-14 20:44:41 -------- d-----w- C:\Program Files\Bitdefender
2012-09-14 20:43:05 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-09-09 22:54:45 -------- d-----w- C:\Users\Phillip\AppData\Local\WinZip
2012-09-09 22:53:33 -------- d-----w- C:\Users\Phillip\AppData\Local\AVG Secure Search
2012-09-09 22:53:19 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-09-09 22:52:49 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-09-09 22:52:44 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-09 22:52:43 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-09-07 08:23:09 -------- d-----w- C:\Program Files (x86)\VUDUToGo
2012-08-25 20:01:45 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 20:01:45 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-09-23 18:04:51 880 ----a-w- C:\ProgramData\qgngbaa.tmp
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:05:38.27 ===============

#2 gringo_pr

Posted 24 September 2012 - 01:12 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 voxanomaly

  • Topic Starter

Posted 25 September 2012 - 06:35 PM

Hello, Gringo -- thank you very much for your help. I look forward to working with you.

My Computer's Status:

1. Clicks on result links of Google searches are still re-directed to another crude list of search results;
2. Windows updates still fail;
3. I'm monitoring and waiting to see if random audio still plays; and
4. I'm still getting constant Malwarebytes Anti-Malware notifications that it's blocking outbound comms to "a potentially malicious website" with IPs in the range of 112.175.234.21 - 24 at various ports with an ever-increasing range from 5xxxx on up.


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 29
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Bitdefender Bitdefender 2013 vsserv.exe
Bitdefender Bitdefender 2013 updatesrv.exe
Bitdefender Bitdefender 2013 bdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


# AdwCleaner v2.003 - Logfile created 09/25/2012 at 19:09:34
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Phillip - ELECTRA
# Boot Mode : Normal
# Running from : C:\Users\Phillip\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Phillip\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Phillip\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Phillip\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\k3h52jcy.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [5997 octets] - [25/09/2012 19:09:34]

########## EOF - C:\AdwCleaner[S1].txt - [6057 octets] ##########


RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Phillip [Admin rights]
Mode : Remove -- Date : 09/25/2012 19:18:03

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Task Scheduler ("C:\Windows\system32\config\systemprofile\AppData\Roaming\Task Scheduler\Task Scheduler.exe") -> DELETED
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\Phillip\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Phillip\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Phillip\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723232L9A360 ATA Device +++++
--- User ---
[MBR] 075cab781b1d4d22180bc4b70a3a2f46
[BSP] 86e0863e50002712c3a8f7a1fcd1f6b6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HTS723232L9A360 ATA Device +++++
--- User ---
[MBR] 1314106f9712982942c77bb8e2d2fb8e
[BSP] cc5e28f7fc9bee11e27f5b93a6e895c7 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr


Posted 25 September 2012 - 07:17 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 voxanomaly


Posted 26 September 2012 - 05:30 PM

Hello Gringo -

My Computer's Status:

1. Clicks on result links of Google searches are still re-directed to another crude list of search results;
2. Windows updates still fail;
3. Random audio played after I completed your first set of instructions - I will continue to monitor; and
4. I'm still getting constant Malwarebytes Anti-Malware notifications that it's blocking outbound comms to "a potentially malicious website" with IPs in the range of 112.175.234.21 - 24 at various ports with an ever-increasing range from 5xxxx on up.


17:38:41.0172 9968 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:38:41.0496 9968 ============================================================
17:38:41.0496 9968 Current date / time: 2012/09/26 17:38:41.0496
17:38:41.0496 9968 SystemInfo:
17:38:41.0496 9968
17:38:41.0497 9968 OS Version: 6.1.7601 ServicePack: 1.0
17:38:41.0497 9968 Product type: Workstation
17:38:41.0497 9968 ComputerName: ELECTRA
17:38:41.0497 9968 UserName: Phillip
17:38:41.0497 9968 Windows directory: C:\Windows
17:38:41.0497 9968 System windows directory: C:\Windows
17:38:41.0497 9968 Running under WOW64
17:38:41.0497 9968 Processor architecture: Intel x64
17:38:41.0497 9968 Number of processors: 8
17:38:41.0497 9968 Page size: 0x1000
17:38:41.0497 9968 Boot type: Normal boot
17:38:41.0497 9968 ============================================================
17:38:42.0512 9968 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:42.0857 9968 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:43.0033 9968 ============================================================
17:38:43.0033 9968 \Device\Harddisk0\DR0:
17:38:43.0033 9968 MBR partitions:
17:38:43.0033 9968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:38:43.0033 9968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
17:38:43.0033 9968 \Device\Harddisk1\DR1:
17:38:43.0033 9968 MBR partitions:
17:38:43.0033 9968 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
17:38:43.0033 9968 ============================================================
17:38:43.0085 9968 C: <-> \Device\Harddisk0\DR0\Partition2
17:38:43.0122 9968 D: <-> \Device\Harddisk1\DR1\Partition1
17:38:43.0122 9968 ============================================================
17:38:43.0122 9968 Initialize success
17:38:43.0122 9968 ============================================================
17:38:51.0346 8208 ============================================================
17:38:51.0346 8208 Scan started
17:38:51.0346 8208 Mode: Manual;
17:38:51.0346 8208 ============================================================
17:38:52.0100 8208 ================ Scan system memory ========================
17:38:52.0100 8208 System memory - ok
17:38:52.0101 8208 ================ Scan services =============================
17:38:56.0350 8208 CtClsFlt - ok
17:38:56.0398 8208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:38:56.0404 8208 DcomLaunch - ok
17:38:56.0440 8208 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:38:56.0446 8208 defragsvc - ok
17:38:56.0481 8208 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:38:56.0483 8208 DfsC - ok
17:38:56.0527 8208 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:38:56.0530 8208 Dhcp - ok
17:38:56.0566 8208 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:38:56.0567 8208 discache - ok
17:38:56.0607 8208 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:38:56.0610 8208 Disk - ok
17:38:56.0641 8208 [ E56778551BF535500D6B02E68E5BFB47 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
17:38:56.0644 8208 DMAgent - ok
17:38:56.0677 8208 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:38:56.0679 8208 Dnscache - ok
17:38:56.0715 8208 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:38:56.0721 8208 dot3svc - ok
17:38:56.0769 8208 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:38:56.0772 8208 DPS - ok
17:38:56.0809 8208 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:38:56.0810 8208 drmkaud - ok
17:38:56.0838 8208 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:38:56.0854 8208 DXGKrnl - ok
17:38:56.0883 8208 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:38:56.0885 8208 EapHost - ok
17:38:56.0987 8208 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:38:57.0036 8208 ebdrv - ok
17:38:57.0064 8208 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:38:57.0066 8208 EFS - ok
17:38:57.0151 8208 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:38:57.0164 8208 ehRecvr - ok
17:38:57.0193 8208 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:38:57.0197 8208 ehSched - ok
17:38:57.0240 8208 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:38:57.0250 8208 elxstor - ok
17:38:57.0282 8208 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:38:57.0283 8208 ErrDev - ok
17:38:57.0330 8208 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:38:57.0334 8208 EventSystem - ok
17:38:57.0367 8208 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:38:57.0372 8208 exfat - ok
17:38:57.0405 8208 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
17:38:57.0431 8208 FACAP - ok
17:38:57.0446 8208 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:38:57.0451 8208 fastfat - ok
17:38:57.0490 8208 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:38:57.0496 8208 Fax - ok
17:38:57.0511 8208 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:38:57.0513 8208 fdc - ok
17:38:57.0525 8208 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:38:57.0526 8208 fdPHost - ok
17:38:57.0539 8208 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:38:57.0540 8208 FDResPub - ok
17:38:57.0571 8208 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:38:57.0574 8208 FileInfo - ok
17:38:57.0583 8208 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:38:57.0585 8208 Filetrace - ok
17:38:57.0596 8208 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:38:57.0597 8208 flpydisk - ok
17:38:57.0631 8208 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:38:57.0633 8208 FltMgr - ok
17:38:57.0685 8208 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
17:38:57.0694 8208 FontCache - ok
17:38:57.0757 8208 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:38:57.0758 8208 FontCache3.0.0.0 - ok
17:38:57.0790 8208 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:38:57.0793 8208 FsDepends - ok
17:38:57.0824 8208 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:38:57.0829 8208 Fs_Rec - ok
17:38:57.0864 8208 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:38:57.0869 8208 fvevol - ok
17:38:57.0881 8208 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:38:57.0883 8208 gagp30kx - ok
17:38:57.0941 8208 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
17:38:57.0946 8208 GameConsoleService - ok
17:38:57.0958 8208 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:38:57.0960 8208 GoToAssist - ok
17:38:57.0985 8208 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:38:57.0991 8208 gpsvc - ok
17:38:58.0028 8208 GsServer - ok
17:38:58.0091 8208 [ 07177B5A8C277074C30AC515FEBD4F37 ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys
17:38:58.0094 8208 gzflt - ok
17:38:58.0118 8208 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:38:58.0120 8208 hcw85cir - ok
17:38:58.0159 8208 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:38:58.0161 8208 HDAudBus - ok
17:38:58.0174 8208 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:38:58.0176 8208 HidBatt - ok
17:38:58.0190 8208 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:38:58.0193 8208 HidBth - ok
17:38:58.0199 8208 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:38:58.0201 8208 HidIr - ok
17:38:58.0235 8208 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:38:58.0236 8208 hidserv - ok
17:38:58.0250 8208 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:38:58.0251 8208 HidUsb - ok
17:38:58.0288 8208 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:38:58.0290 8208 hkmsvc - ok
17:38:58.0330 8208 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:38:58.0333 8208 HomeGroupListener - ok
17:38:58.0371 8208 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:38:58.0374 8208 HomeGroupProvider - ok
17:38:58.0387 8208 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:38:58.0389 8208 HpSAMD - ok
17:38:58.0436 8208 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:38:58.0441 8208 HTTP - ok
17:38:58.0481 8208 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:38:58.0483 8208 hwpolicy - ok
17:38:58.0518 8208 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:38:58.0520 8208 i8042prt - ok
17:38:58.0538 8208 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:38:58.0545 8208 iaStorV - ok
17:38:58.0581 8208 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:38:58.0595 8208 idsvc - ok
17:38:58.0628 8208 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:38:58.0630 8208 iirsp - ok
17:38:58.0682 8208 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:38:58.0688 8208 IKEEXT - ok
17:38:58.0725 8208 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:38:58.0726 8208 intelide - ok
17:38:58.0736 8208 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:38:58.0736 8208 intelppm - ok
17:38:58.0777 8208 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:38:58.0780 8208 IPBusEnum - ok
17:38:58.0816 8208 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:38:58.0818 8208 IpFilterDriver - ok
17:38:58.0862 8208 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:38:58.0866 8208 iphlpsvc - ok
17:38:58.0878 8208 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:38:58.0880 8208 IPMIDRV - ok
17:38:58.0922 8208 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:38:58.0925 8208 IPNAT - ok
17:38:58.0946 8208 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:38:58.0947 8208 IRENUM - ok
17:38:58.0962 8208 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:38:58.0963 8208 isapnp - ok
17:38:58.0978 8208 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:38:58.0983 8208 iScsiPrt - ok
17:38:59.0026 8208 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:38:59.0027 8208 kbdclass - ok
17:38:59.0049 8208 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:38:59.0050 8208 kbdhid - ok
17:38:59.0064 8208 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:38:59.0066 8208 KeyIso - ok
17:38:59.0107 8208 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:38:59.0109 8208 KSecDD - ok
17:38:59.0123 8208 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:38:59.0126 8208 KSecPkg - ok
17:38:59.0135 8208 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:38:59.0136 8208 ksthunk - ok
17:38:59.0172 8208 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:38:59.0179 8208 KtmRm - ok
17:38:59.0230 8208 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:38:59.0234 8208 LanmanServer - ok
17:38:59.0268 8208 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:38:59.0272 8208 LanmanWorkstation - ok
17:38:59.0353 8208 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:38:59.0358 8208 LBTServ - ok
17:38:59.0402 8208 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:38:59.0403 8208 LHidFilt - ok
17:38:59.0415 8208 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:38:59.0416 8208 lltdio - ok
17:38:59.0435 8208 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:38:59.0440 8208 lltdsvc - ok
17:38:59.0452 8208 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:38:59.0454 8208 lmhosts - ok
17:38:59.0467 8208 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:38:59.0467 8208 LMouFilt - ok
17:38:59.0505 8208 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:38:59.0511 8208 LSI_FC - ok
17:38:59.0522 8208 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:38:59.0525 8208 LSI_SAS - ok
17:38:59.0548 8208 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:38:59.0549 8208 LSI_SAS2 - ok
17:38:59.0560 8208 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:38:59.0566 8208 LSI_SCSI - ok
17:38:59.0578 8208 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:38:59.0581 8208 luafv - ok
17:38:59.0630 8208 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:38:59.0631 8208 MBAMProtector - ok
17:38:59.0703 8208 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:38:59.0706 8208 MBAMScheduler - ok
17:38:59.0754 8208 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:38:59.0759 8208 MBAMService - ok
17:38:59.0803 8208 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
17:38:59.0806 8208 McciCMService - ok
17:38:59.0845 8208 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:38:59.0853 8208 Mcx2Svc - ok
17:38:59.0866 8208 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:38:59.0871 8208 megasas - ok
17:38:59.0955 8208 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:38:59.0960 8208 MegaSR - ok
17:38:59.0990 8208 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:38:59.0992 8208 MMCSS - ok
17:39:00.0006 8208 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:39:00.0006 8208 Modem - ok
17:39:00.0017 8208 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:39:00.0018 8208 monitor - ok
17:39:00.0115 8208 [ 2443B978E80F8A3D1F39855AA25882AF ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
17:39:00.0117 8208 MotoHelper - ok
17:39:00.0134 8208 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:39:00.0134 8208 mouclass - ok
17:39:00.0156 8208 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:39:00.0157 8208 mouhid - ok
17:39:00.0196 8208 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:39:00.0198 8208 mountmgr - ok
17:39:00.0216 8208 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:39:00.0222 8208 mpio - ok
17:39:00.0258 8208 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:39:00.0259 8208 mpsdrv - ok
17:39:00.0374 8208 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:39:00.0381 8208 MpsSvc - ok
17:39:00.0410 8208 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
17:39:00.0411 8208 MREMP50 - ok
17:39:00.0416 8208 MREMP50a64 - ok
17:39:00.0424 8208 MREMPR5 - ok
17:39:00.0434 8208 MRENDIS5 - ok
17:39:00.0465 8208 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
17:39:00.0466 8208 MRESP50 - ok
17:39:00.0471 8208 MRESP50a64 - ok
17:39:00.0515 8208 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:39:00.0518 8208 MRxDAV - ok
17:39:00.0555 8208 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:00.0556 8208 mrxsmb - ok
17:39:00.0596 8208 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:00.0598 8208 mrxsmb10 - ok
17:39:00.0618 8208 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:00.0619 8208 mrxsmb20 - ok
17:39:00.0655 8208 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:39:00.0656 8208 msahci - ok
17:39:00.0672 8208 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:39:00.0675 8208 msdsm - ok
17:39:00.0704 8208 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:39:00.0708 8208 MSDTC - ok
17:39:00.0747 8208 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:39:00.0749 8208 Msfs - ok
17:39:00.0776 8208 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:39:00.0777 8208 mshidkmdf - ok
17:39:00.0801 8208 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:39:00.0802 8208 msisadrv - ok
17:39:00.0833 8208 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:39:00.0837 8208 MSiSCSI - ok
17:39:00.0842 8208 msiserver - ok
17:39:00.0859 8208 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:39:00.0860 8208 MSKSSRV - ok
17:39:00.0870 8208 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:00.0871 8208 MSPCLOCK - ok
17:39:00.0880 8208 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:39:00.0880 8208 MSPQM - ok
17:39:00.0922 8208 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:39:00.0928 8208 MsRPC - ok
17:39:00.0940 8208 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:39:00.0941 8208 mssmbios - ok
17:39:00.0959 8208 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:39:00.0960 8208 MSTEE - ok
17:39:00.0986 8208 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:39:01.0002 8208 MTConfig - ok
17:39:01.0051 8208 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:39:01.0077 8208 Mup - ok
17:39:01.0112 8208 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:39:01.0117 8208 napagent - ok
17:39:01.0156 8208 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:39:01.0158 8208 NativeWifiP - ok
17:39:01.0186 8208 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:39:01.0193 8208 NDIS - ok
17:39:01.0204 8208 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:39:01.0206 8208 NdisCap - ok
17:39:01.0216 8208 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:39:01.0217 8208 NdisTapi - ok
17:39:01.0248 8208 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:39:01.0249 8208 Ndisuio - ok
17:39:01.0286 8208 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:39:01.0287 8208 NdisWan - ok
17:39:01.0325 8208 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:39:01.0327 8208 NDProxy - ok
17:39:01.0359 8208 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:39:01.0360 8208 NetBIOS - ok
17:39:01.0399 8208 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:39:01.0401 8208 NetBT - ok
17:39:01.0424 8208 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:39:01.0425 8208 Netlogon - ok
17:39:01.0469 8208 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:39:01.0473 8208 Netman - ok
17:39:01.0510 8208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:01.0513 8208 NetMsmqActivator - ok
17:39:01.0518 8208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:01.0520 8208 NetPipeActivator - ok
17:39:01.0550 8208 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:39:01.0554 8208 netprofm - ok
17:39:01.0561 8208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:01.0562 8208 NetTcpActivator - ok
17:39:01.0568 8208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:39:01.0569 8208 NetTcpPortSharing - ok
17:39:01.0738 8208 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
17:39:01.0784 8208 NETw5s64 - ok
17:39:01.0814 8208 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:39:01.0816 8208 nfrd960 - ok
17:39:01.0852 8208 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:39:01.0856 8208 NlaSvc - ok
17:39:01.0868 8208 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:39:01.0869 8208 Npfs - ok
17:39:01.0902 8208 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:39:01.0904 8208 nsi - ok
17:39:01.0919 8208 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:39:01.0919 8208 nsiproxy - ok
17:39:01.0987 8208 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:39:02.0014 8208 Ntfs - ok
17:39:02.0025 8208 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:39:02.0026 8208 Null - ok
17:39:02.0061 8208 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:39:02.0064 8208 nvraid - ok
17:39:02.0078 8208 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:39:02.0081 8208 nvstor - ok
17:39:02.0096 8208 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:39:02.0099 8208 nv_agp - ok
17:39:02.0137 8208 [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
17:39:02.0138 8208 O2FLASH - ok
17:39:02.0148 8208 [ 8C2953537CA19DFAA67D612407E0F33E ] O2MDGRDR C:\Windows\system32\DRIVERS\o2mdgx64.sys
17:39:02.0149 8208 O2MDGRDR - ok
17:39:02.0163 8208 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:39:02.0165 8208 ohci1394 - ok
17:39:02.0197 8208 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:39:02.0199 8208 ose - ok
17:39:02.0371 8208 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:39:02.0404 8208 osppsvc - ok
17:39:02.0451 8208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:39:02.0455 8208 p2pimsvc - ok
17:39:02.0539 8208 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:39:02.0544 8208 p2psvc - ok
17:39:02.0656 8208 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:39:02.0659 8208 Parport - ok
17:39:02.0732 8208 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:39:02.0735 8208 partmgr - ok
17:39:02.0905 8208 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:39:02.0907 8208 PcaSvc - ok
17:39:03.0018 8208 [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{1E208CE0-FB7451FF-06020101}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
17:39:03.0019 8208 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
17:39:03.0051 8208 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:39:03.0054 8208 pci - ok
17:39:03.0068 8208 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:39:03.0070 8208 pciide - ok
17:39:03.0109 8208 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:39:03.0114 8208 pcmcia - ok
17:39:03.0131 8208 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:39:03.0133 8208 pcw - ok
17:39:03.0161 8208 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:39:03.0166 8208 PEAUTH - ok
17:39:03.0228 8208 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:39:03.0238 8208 PeerDistSvc - ok
17:39:03.0343 8208 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:39:03.0345 8208 PerfHost - ok
17:39:03.0413 8208 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:39:03.0438 8208 pla - ok
17:39:03.0477 8208 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:39:03.0481 8208 PlugPlay - ok
17:39:03.0515 8208 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:39:03.0518 8208 PNRPAutoReg - ok
17:39:03.0534 8208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:39:03.0538 8208 PNRPsvc - ok
17:39:03.0560 8208 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:39:03.0564 8208 PolicyAgent - ok
17:39:03.0620 8208 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:39:03.0623 8208 Power - ok
17:39:03.0655 8208 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:39:03.0657 8208 PptpMiniport - ok
17:39:03.0666 8208 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:39:03.0668 8208 Processor - ok
17:39:03.0706 8208 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
17:39:03.0709 8208 ProfSvc - ok
17:39:03.0723 8208 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:39:03.0725 8208 ProtectedStorage - ok
17:39:03.0762 8208 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:39:03.0763 8208 Psched - ok
17:39:03.0802 8208 [ E7483BE1E7A6FB16FC9AD6B54F99DEE4 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:39:03.0804 8208 PSI_SVC_2 - ok
17:39:03.0845 8208 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:39:03.0847 8208 PxHlpa64 - ok
17:39:03.0910 8208 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:39:03.0934 8208 ql2300 - ok
17:39:03.0953 8208 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:39:03.0957 8208 ql40xx - ok
17:39:04.0001 8208 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:39:04.0007 8208 QWAVE - ok
17:39:04.0024 8208 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:39:04.0029 8208 QWAVEdrv - ok
17:39:04.0039 8208 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:39:04.0041 8208 RasAcd - ok
17:39:04.0075 8208 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:39:04.0076 8208 RasAgileVpn - ok
17:39:04.0088 8208 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:39:04.0092 8208 RasAuto - ok
17:39:04.0128 8208 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:39:04.0130 8208 Rasl2tp - ok
17:39:04.0174 8208 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:39:04.0178 8208 RasMan - ok
17:39:04.0218 8208 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:39:04.0220 8208 RasPppoe - ok
17:39:04.0230 8208 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:39:04.0232 8208 RasSstp - ok
17:39:04.0271 8208 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:39:04.0274 8208 rdbss - ok
17:39:04.0286 8208 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:39:04.0287 8208 rdpbus - ok
17:39:04.0301 8208 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:39:04.0302 8208 RDPCDD - ok
17:39:04.0342 8208 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:39:04.0346 8208 RDPDR - ok
17:39:04.0356 8208 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:39:04.0356 8208 RDPENCDD - ok
17:39:04.0366 8208 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:39:12.0021 8208 ============================================================
17:39:12.0021 8208 Scan finished
17:39:12.0021 8208 ============================================================
17:39:12.0030 2932 Detected object count: 0
17:39:12.0030 2932 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 17:49:25
-----------------------------
17:49:25.629 OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:25.629 Number of processors: 8 586 0x1E05
17:49:25.631 ComputerName: ELECTRA UserName: Phillip
17:49:27.274 Initialize success
17:51:00.977 AVAST engine defs: 12092601
17:52:16.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:52:16.753 Disk 0 Vendor: Hitachi_HTS723232L9A360 FC4OC3AF Size: 305245MB BusType: 11
17:52:16.757 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
17:52:16.761 Disk 1 Vendor: Hitachi_HTS723232L9A360 FC4OC3AF Size: 305245MB BusType: 11
17:52:16.783 Disk 0 MBR read successfully
17:52:16.788 Disk 0 MBR scan
17:52:16.834 Disk 0 Windows VISTA default MBR code
17:52:16.840 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:52:16.911 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
17:52:16.933 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
17:52:16.960 Disk 0 scanning C:\Windows\system32\drivers
17:52:35.038 Service scanning
17:52:39.752 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
17:53:07.325 Modules scanning
17:53:07.343 Disk 0 trace - called modules:
17:53:07.376 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:53:07.384 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dba790]
17:53:07.391 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b3f060]
17:53:08.890 AVAST engine scan C:\Windows
17:53:12.657 AVAST engine scan C:\Windows\system32
17:57:07.816 AVAST engine scan C:\Windows\system32\drivers
17:57:20.807 AVAST engine scan C:\Users\Phillip
18:07:04.497 AVAST engine scan C:\ProgramData
18:11:26.670 Scan finished successfully
18:12:04.411 Disk 0 MBR has been saved successfully to "C:\Users\Phillip\Desktop\Computer Logs\Round 2\MBR.dat"
18:12:04.451 The log file has been saved successfully to "C:\Users\Phillip\Desktop\Computer Logs\Round 2\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 26 September 2012 - 05:46 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 voxanomaly

Posted 28 September 2012 - 09:10 PM

Another problem developed after running ComboFix: Internet Explorer performance is now so poor (i.e. verrrrry slow & often stops responding) that I had to install Foxfire to be able to access the web - this problem is completely new. Otherwise, I'm still having the same problems.

My Computer's Status:

1. Clicks on result links of Google searches are still re-directed to another crude list of search results;
2. Windows updates still fail;
3. Random audio played after I completed your first set of instructions - I will continue to monitor; and
4. I'm still getting constant Malwarebytes Anti-Malware notifications that it's blocking outbound comms to "a potentially malicious website" with IPs in the range of 112.175.234.21 - 24 at various ports with an ever-increasing range from 5xxxx on up.


ComboFix 12-09-27.03 - Phillip 09/28/2012 20:19:13.7.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8181.5923 [GMT -4:00]
Running from: c:\users\Phillip\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\onsxaaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\Minecraft\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\John\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\John.Electra\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-09-29 00:27 . 2012-09-29 00:27 -------- d-----w- c:\users\Claire.Electra\AppData\Local\temp
2012-09-28 23:04 . 2012-09-28 23:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-28 23:04 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 07:32 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-28 07:25 . 2012-09-28 07:25 145696 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-09-28 07:17 . 2012-09-28 07:17 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-28 02:46 . 2012-09-29 00:27 -------- d-----w- c:\users\Phillip\AppData\Local\temp
2012-09-28 01:29 . 2012-09-28 03:08 -------- d-----w- c:\users\Godric
2012-09-28 01:05 . 2012-09-28 01:05 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-09-28 00:52 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-09-28 00:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-28 00:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-09-28 00:52 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-09-28 00:52 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-09-28 00:50 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-09-19 22:49 . 2012-09-19 22:49 -------- d-----w- c:\users\Phillip\AppData\Roaming\Malwarebytes
2012-09-19 22:49 . 2012-09-19 22:49 -------- d-----w- c:\programdata\Malwarebytes
2012-09-14 21:33 . 2012-09-14 21:33 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-09-14 21:03 . 2012-09-14 21:03 -------- d-----w- c:\programdata\BDLogging
2012-09-14 21:02 . 2012-08-23 21:07 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-09-14 21:02 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2012-09-14 21:02 . 2012-06-13 18:01 577248 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-09-14 21:02 . 2011-11-25 19:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-09-14 21:02 . 2012-06-13 18:01 700384 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-09-14 20:49 . 2012-09-14 20:49 -------- d-----w- c:\users\Phillip\AppData\Roaming\Bitdefender
2012-09-14 20:49 . 2012-09-14 21:04 -------- d-----w- c:\programdata\Bitdefender
2012-09-14 20:48 . 2012-09-14 20:48 -------- d-----w- c:\users\Phillip\AppData\Roaming\QuickScan
2012-09-14 20:44 . 2012-09-14 20:44 -------- d-----w- c:\program files\Bitdefender
2012-09-14 20:44 . 2012-07-02 19:21 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-09-14 20:43 . 2012-09-14 20:44 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-09-09 22:54 . 2012-09-09 22:54 -------- d-----w- c:\users\Phillip\AppData\Local\WinZip
2012-09-09 22:53 . 2012-09-09 22:55 -------- d-----w- c:\programdata\WinZip
2012-09-09 22:53 . 2012-09-09 22:53 -------- d-----w- c:\program files\WinZip
2012-09-09 22:52 . 2012-09-09 22:52 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-09 22:52 . 2012-09-25 23:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-07 08:23 . 2012-09-07 08:23 -------- d-----w- c:\program files (x86)\VUDUToGo
2012-09-06 02:44 . 2012-09-06 02:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 04:43 . 2010-06-13 02:34 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-25 20:01 . 2012-08-25 20:01 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 20:01 . 2012-08-25 20:01 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06 . 2012-08-11 06:56 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2010-06-28 05:57 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[-] 2010-11-20 . 57300E71DFBB58D8ED0D7B9813E55795 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-01-16 5300360]
"Akamai NetSession Interface"="c:\users\Phillip\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 2676584]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-23 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"FAStartup"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-23 109336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-06-13 577248]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-08-23 82384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-27 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-05-27 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-06-13 700384]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-09-28 145696]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-09 31080]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 202752]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-04-27 5349552]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-07-03 68416]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-09 927840]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-15 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-15 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-15 81920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 20:01]
.
2012-09-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2012-09-28 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-15 18:39]
.
2012-09-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-09-16 1437696]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-09-28 1544912]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with WordPerfect
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:25,31,fb,24,66,77,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,40,af,2b,08,f5,38,45,9b,a3,05,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,40,af,2b,08,f5,38,45,9b,a3,05,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-28 20:30:02
ComboFix-quarantined-files.txt 2012-09-29 00:30
ComboFix2.txt 2012-09-28 02:46
ComboFix3.txt 2012-09-26 23:26
ComboFix4.txt 2012-08-21 05:43
ComboFix5.txt 2012-09-29 00:17
.
Pre-Run: 247,083,569,152 bytes free
Post-Run: 248,391,991,296 bytes free
.
- - End Of File - - 906BBDF61E9A7EC11573F94AEE5D3FCD

#8 gringo_pr

  • Malware Response Team

Posted 28 September 2012 - 09:34 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#9 voxanomaly

  • Topic Starter

Posted 29 September 2012 - 02:51 PM

Still having the same problem that developed after running ComboFix per your instructions on September 26: Internet Explorer performance is now so poor (i.e. verrrrry slow & often stops responding) that I am now using Firefox to access the web. Otherwise, I'm still having the same problems that I first described:

My Computer's Status:

1. Clicking on result links of Google searches are still re-directed to another crude list of search results;
2. Windows updates still fail;
3. Random audio played after I completed your first set of instructions - I will continue to monitor; and
4. I'm still getting constant Malwarebytes Anti-Malware notifications that it's blocking outbound comms to "a potentially malicious website" with IPs in the range of 112.175.234.21 - 24 at various ports with an ever-increasing range from 5xxxx on up.

12:30:37.0595 6308 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:30:37.0940 6308 ============================================================
12:30:37.0940 6308 Current date / time: 2012/09/29 12:30:37.0940
12:30:37.0940 6308 SystemInfo:
12:30:37.0940 6308
12:30:37.0940 6308 OS Version: 6.1.7601 ServicePack: 1.0
12:30:37.0940 6308 Product type: Workstation
12:30:37.0940 6308 ComputerName: ELECTRA
12:30:37.0940 6308 UserName: Phillip
12:30:37.0940 6308 Windows directory: C:\Windows
12:30:37.0940 6308 System windows directory: C:\Windows
12:30:37.0940 6308 Running under WOW64
12:30:37.0940 6308 Processor architecture: Intel x64
12:30:37.0940 6308 Number of processors: 8
12:30:37.0940 6308 Page size: 0x1000
12:30:37.0940 6308 Boot type: Normal boot
12:30:37.0940 6308 ============================================================
12:30:39.0717 6308 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:40.0062 6308 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:40.0085 6308 ============================================================
12:30:40.0085 6308 \Device\Harddisk0\DR0:
12:30:40.0093 6308 MBR partitions:
12:30:40.0093 6308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:30:40.0093 6308 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
12:30:40.0093 6308 \Device\Harddisk1\DR1:
12:30:40.0093 6308 MBR partitions:
12:30:40.0093 6308 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
12:30:40.0093 6308 ============================================================
12:30:40.0229 6308 C: <-> \Device\Harddisk0\DR0\Partition2
12:30:40.0260 6308 D: <-> \Device\Harddisk1\DR1\Partition1
12:30:40.0260 6308 ============================================================
12:30:40.0260 6308 Initialize success
12:30:40.0260 6308 ============================================================
12:30:45.0694 1656 ============================================================
12:30:45.0694 1656 Scan started
12:30:45.0694 1656 Mode: Manual;
12:30:45.0694 1656 ============================================================
12:30:51.0130 1656 ================ Scan system memory ========================
12:30:51.0130 1656 System memory - ok
12:30:51.0131 1656 ================ Scan services =============================
12:30:51.0799 1656 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:30:51.0832 1656 1394ohci - ok
12:30:51.0896 1656 [ C49C56B35BFC6CDA8D1FDCAD2885568F ] Acceler C:\Windows\system32\DRIVERS\Acceler.sys
12:30:51.0900 1656 Acceler - ok
12:30:52.0068 1656 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:30:52.0089 1656 ACPI - ok
12:30:52.0133 1656 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:30:52.0147 1656 AcpiPmi - ok
12:30:52.0356 1656 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:30:52.0358 1656 AdobeARMservice - ok
12:30:52.0666 1656 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:30:52.0669 1656 AdobeFlashPlayerUpdateSvc - ok
12:30:52.0843 1656 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:30:52.0859 1656 adp94xx - ok
12:30:52.0900 1656 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:30:52.0906 1656 adpahci - ok
12:30:52.0951 1656 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:30:52.0961 1656 adpu320 - ok
12:30:52.0995 1656 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:30:52.0996 1656 AeLookupSvc - ok
12:30:53.0404 1656 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
12:30:53.0422 1656 AESTFilters - ok
12:30:53.0504 1656 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:30:53.0558 1656 AFD - ok
12:30:53.0621 1656 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:30:53.0659 1656 agp440 - ok
12:30:53.0722 1656 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:30:53.0725 1656 ALG - ok
12:30:53.0734 1656 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:30:53.0735 1656 aliide - ok
12:30:53.0770 1656 [ BE778D82B983BA8F8C700C007A04326F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:30:53.0773 1656 AMD External Events Utility - ok
12:30:53.0780 1656 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:30:53.0781 1656 amdide - ok
12:30:53.0820 1656 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:30:53.0823 1656 AmdK8 - ok
12:30:53.0830 1656 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:30:53.0833 1656 AmdPPM - ok
12:30:53.0863 1656 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:30:53.0868 1656 amdsata - ok
12:30:53.0894 1656 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:30:53.0899 1656 amdsbs - ok
12:30:53.0913 1656 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:30:53.0914 1656 amdxata - ok
12:30:53.0946 1656 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:30:53.0951 1656 AppID - ok
12:30:53.0991 1656 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:30:53.0994 1656 AppIDSvc - ok
12:31:19.0743 1656 PxHlpa64 - ok
12:31:20.0222 1656 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:31:20.0305 1656 ql2300 - ok
12:31:20.0317 1656 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:31:20.0321 1656 ql40xx - ok
12:31:20.0365 1656 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:31:20.0396 1656 QWAVE - ok
12:31:20.0421 1656 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:31:20.0425 1656 QWAVEdrv - ok
12:31:20.0462 1656 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:31:20.0463 1656 RasAcd - ok
12:31:20.0505 1656 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:31:20.0522 1656 RasAgileVpn - ok
12:31:20.0544 1656 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:31:20.0548 1656 RasAuto - ok
12:31:20.0584 1656 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:31:20.0587 1656 Rasl2tp - ok
12:31:20.0670 1656 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:31:20.0674 1656 RasMan - ok
12:31:20.0732 1656 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:31:20.0736 1656 RasPppoe - ok
12:31:20.0786 1656 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:31:20.0789 1656 RasSstp - ok
12:31:20.0868 1656 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:31:20.0906 1656 rdbss - ok
12:31:20.0941 1656 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:31:20.0943 1656 rdpbus - ok
12:31:20.0998 1656 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:31:21.0000 1656 RDPCDD - ok
12:31:21.0065 1656 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:31:21.0097 1656 RDPDR - ok
12:31:21.0128 1656 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:31:21.0129 1656 RDPENCDD - ok
12:31:21.0140 1656 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:31:21.0142 1656 RDPREFMP - ok
12:31:21.0224 1656 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:31:21.0258 1656 RDPWD - ok
12:31:21.0311 1656 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:31:21.0314 1656 rdyboost - ok
12:31:21.0401 1656 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:31:21.0460 1656 RemoteAccess - ok
12:31:21.0503 1656 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:31:21.0508 1656 RemoteRegistry - ok
12:31:21.0575 1656 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:31:21.0588 1656 RFCOMM - ok
12:31:21.0616 1656 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:31:21.0619 1656 RimUsb - ok
12:31:21.0679 1656 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:31:21.0681 1656 RpcEptMapper - ok
12:31:21.0696 1656 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:31:21.0698 1656 RpcLocator - ok
12:31:21.0766 1656 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:31:21.0772 1656 RpcSs - ok
12:31:21.0815 1656 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:31:21.0817 1656 rspndr - ok
12:31:21.0850 1656 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:31:21.0856 1656 RTL8167 - ok
12:31:21.0893 1656 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:31:21.0895 1656 s3cap - ok
12:31:21.0921 1656 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:31:21.0923 1656 SamSs - ok
12:31:21.0972 1656 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:31:21.0997 1656 sbp2port - ok
12:31:22.0065 1656 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:31:22.0076 1656 SCardSvr - ok
12:31:22.0126 1656 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:31:22.0128 1656 scfilter - ok
12:31:22.0308 1656 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:31:22.0978 1656 Schedule - ok
12:31:23.0264 1656 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:31:23.0397 1656 SCPolicySvc - ok
12:31:23.0499 1656 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
12:31:24.0220 1656 sdbus - ok
12:31:24.0423 1656 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:31:24.0526 1656 SDRSVC - ok
12:31:24.0581 1656 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:31:24.0582 1656 secdrv - ok
12:31:24.0701 1656 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:31:24.0703 1656 seclogon - ok
12:31:24.0837 1656 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:31:24.0840 1656 SENS - ok
12:31:24.0863 1656 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:31:24.0866 1656 SensrSvc - ok
12:31:24.0910 1656 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:31:24.0917 1656 Serenum - ok
12:31:24.0930 1656 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:31:24.0935 1656 Serial - ok
12:31:24.0972 1656 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:31:24.0973 1656 sermouse - ok
12:31:25.0031 1656 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:31:25.0038 1656 SessionEnv - ok
12:31:25.0077 1656 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:31:25.0079 1656 sffdisk - ok
12:31:25.0111 1656 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:31:25.0136 1656 sffp_mmc - ok
12:31:25.0160 1656 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:31:25.0162 1656 sffp_sd - ok
12:31:25.0194 1656 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:31:25.0196 1656 sfloppy - ok
12:31:25.0248 1656 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:31:25.0251 1656 SharedAccess - ok
12:31:25.0302 1656 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:31:25.0307 1656 ShellHWDetection - ok
12:31:25.0353 1656 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:31:25.0361 1656 SiSRaid2 - ok
12:31:25.0374 1656 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:31:25.0377 1656 SiSRaid4 - ok
12:31:25.0441 1656 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:31:25.0443 1656 SkypeUpdate - ok
12:31:25.0473 1656 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:31:25.0476 1656 Smb - ok
12:31:25.0529 1656 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:31:25.0531 1656 SNMPTRAP - ok
12:31:25.0643 1656 [ 9B24DCA429F819DB314F30EE4C6C80FD ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
12:31:25.0660 1656 Sound Blaster X-Fi MB Licensing Service - ok
12:31:25.0719 1656 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:31:25.0721 1656 spldr - ok
12:31:25.0857 1656 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:31:25.0866 1656 Spooler - ok
12:31:26.0184 1656 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:31:26.0247 1656 sppsvc - ok
12:31:26.0314 1656 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:31:26.0333 1656 sppuinotify - ok
12:31:26.0448 1656 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:31:26.0456 1656 srv - ok
12:31:26.0647 1656 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:31:26.0653 1656 srv2 - ok
12:31:26.0668 1656 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:31:26.0671 1656 srvnet - ok
12:31:26.0730 1656 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:31:26.0733 1656 SSDPSRV - ok
12:31:26.0754 1656 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:31:26.0757 1656 SstpSvc - ok
12:31:27.0019 1656 [ DA7702025DFD169B909C4DA3126762CC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
12:31:27.0023 1656 STacSV - ok
12:31:27.0057 1656 Steam Client Service - ok
12:31:27.0151 1656 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:31:27.0167 1656 stexstor - ok
12:31:27.0310 1656 [ CAF5A9708671B14B9670260735B22C4E ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
12:31:27.0459 1656 STHDA - ok
12:31:27.0500 1656 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:31:27.0521 1656 StillCam - ok
12:31:27.0614 1656 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:31:27.0619 1656 stisvc - ok
12:31:27.0691 1656 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:31:27.0692 1656 storflt - ok
12:31:27.0786 1656 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
12:31:27.0841 1656 StorSvc - ok
12:31:27.0888 1656 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:31:27.0890 1656 storvsc - ok
12:31:27.0936 1656 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:31:27.0937 1656 swenum - ok
12:31:28.0034 1656 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:31:28.0039 1656 swprv - ok
12:31:28.0111 1656 [ 29AD5FF846E8939C10112F34CB2E334A ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:31:28.0116 1656 SynTP - ok
12:31:28.0227 1656 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:31:28.0240 1656 SysMain - ok
12:31:28.0303 1656 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:31:28.0308 1656 TabletInputService - ok
12:31:28.0348 1656 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:31:28.0352 1656 TapiSrv - ok
12:31:28.0417 1656 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:31:28.0420 1656 TBS - ok
12:31:28.0579 1656 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:31:28.0619 1656 Tcpip - ok
12:31:28.0692 1656 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:31:28.0705 1656 TCPIP6 - ok
12:31:28.0800 1656 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:31:28.0801 1656 tcpipreg - ok
12:31:28.0853 1656 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:31:28.0855 1656 TDPIPE - ok
12:31:28.0913 1656 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:31:28.0916 1656 TDTCP - ok
12:31:28.0971 1656 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:31:29.0003 1656 tdx - ok
12:31:29.0061 1656 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:31:29.0062 1656 TermDD - ok
12:31:29.0180 1656 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:31:29.0223 1656 TermService - ok
12:31:29.0281 1656 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:31:29.0283 1656 Themes - ok
12:31:29.0362 1656 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:31:29.0364 1656 THREADORDER - ok
12:31:29.0407 1656 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:31:29.0410 1656 TrkWks - ok
12:31:29.0600 1656 [ D8AEE356F3500406ECDC24BB7C80A781 ] trufos C:\Windows\system32\DRIVERS\trufos.sys
12:31:29.0609 1656 trufos - ok
12:31:29.0684 1656 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:31:29.0687 1656 TrustedInstaller - ok
12:31:29.0793 1656 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:31:29.0810 1656 tssecsrv - ok
12:31:29.0873 1656 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:31:29.0885 1656 TsUsbFlt - ok
12:31:29.0960 1656 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:31:30.0008 1656 tunnel - ok
12:31:30.0077 1656 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
12:31:30.0078 1656 TurboB - ok
12:31:30.0185 1656 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
12:31:30.0252 1656 TurboBoost - ok
12:31:30.0405 1656 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:31:30.0426 1656 uagp35 - ok
12:31:30.0587 1656 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:31:30.0683 1656 udfs - ok
12:31:30.0827 1656 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:31:30.0929 1656 UI0Detect - ok
12:31:30.0965 1656 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:31:30.0967 1656 uliagpkx - ok
12:31:31.0044 1656 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:31:31.0073 1656 umbus - ok
12:31:31.0106 1656 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:31:31.0123 1656 UmPass - ok
12:31:31.0143 1656 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:31:31.0150 1656 UmRdpService - ok
12:31:31.0376 1656 [ 2B1970C804C16D887C28246DB6078EC4 ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
12:31:31.0377 1656 UPDATESRV - ok
12:31:31.0505 1656 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:31:31.0508 1656 upnphost - ok
12:31:31.0566 1656 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:31:31.0567 1656 usbccgp - ok
12:31:31.0613 1656 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:31:31.0629 1656 usbcir - ok
12:31:31.0708 1656 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:31:31.0784 1656 usbehci - ok
12:31:31.0837 1656 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:31:31.0894 1656 usbhub - ok
12:31:31.0942 1656 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:31:31.0945 1656 usbohci - ok
12:31:31.0996 1656 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:31:31.0998 1656 usbprint - ok
12:31:32.0050 1656 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:31:32.0073 1656 usbscan - ok
12:31:32.0142 1656 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
12:31:32.0186 1656 USBSTOR - ok
12:31:32.0237 1656 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:31:32.0254 1656 usbuhci - ok
12:31:32.0305 1656 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:31:32.0349 1656 usbvideo - ok
12:31:32.0445 1656 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:31:32.0448 1656 UxSms - ok
12:31:32.0488 1656 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:31:32.0490 1656 VaultSvc - ok
12:31:32.0534 1656 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:31:32.0535 1656 vdrvroot - ok
12:31:32.0643 1656 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:31:32.0678 1656 vds - ok
12:31:32.0753 1656 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:31:32.0766 1656 vga - ok
12:31:32.0852 1656 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:31:32.0854 1656 VgaSave - ok
12:31:32.0912 1656 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:31:32.0943 1656 vhdmp - ok
12:31:32.0999 1656 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:31:33.0011 1656 viaide - ok
12:31:33.0073 1656 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:31:33.0077 1656 vmbus - ok
12:31:33.0117 1656 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:31:33.0119 1656 VMBusHID - ok
12:31:33.0179 1656 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:31:33.0180 1656 volmgr - ok
12:31:33.0273 1656 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:31:33.0278 1656 volmgrx - ok
12:31:33.0453 1656 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:31:33.0476 1656 volsnap - ok
12:31:33.0521 1656 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:31:33.0526 1656 vsmraid - ok
12:31:33.0700 1656 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:31:33.0738 1656 VSS - ok
12:31:34.0165 1656 [ 65C72DCB05E151438DDAD72B941A972D ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
12:31:34.0228 1656 VSSERV - ok
12:31:34.0366 1656 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
12:31:34.0370 1656 vToolbarUpdater12.2.0 - ok
12:31:34.0557 1656 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:31:34.0564 1656 vwifibus - ok
12:31:34.0636 1656 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:31:34.0652 1656 vwififlt - ok
12:31:34.0705 1656 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:31:34.0706 1656 vwifimp - ok
12:31:34.0794 1656 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:31:34.0843 1656 W32Time - ok
12:31:34.0899 1656 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:31:34.0913 1656 WacomPen - ok
12:31:34.0983 1656 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:31:35.0039 1656 WANARP - ok
12:31:35.0047 1656 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:31:35.0049 1656 Wanarpv6 - ok
12:31:35.0137 1656 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:31:35.0159 1656 WatAdminSvc - ok
12:31:35.0341 1656 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:31:35.0369 1656 wbengine - ok
12:31:35.0456 1656 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:31:35.0462 1656 WbioSrvc - ok
12:31:35.0501 1656 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:31:35.0508 1656 wcncsvc - ok
12:31:35.0521 1656 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:31:35.0525 1656 WcsPlugInService - ok
12:31:35.0566 1656 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:31:35.0569 1656 Wd - ok
12:31:35.0721 1656 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:31:35.0765 1656 Wdf01000 - ok
12:31:35.0805 1656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:31:35.0807 1656 WdiServiceHost - ok
12:31:35.0818 1656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:31:35.0821 1656 WdiSystemHost - ok
12:31:35.0904 1656 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:31:35.0921 1656 WebClient - ok
12:31:36.0073 1656 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:31:36.0124 1656 Wecsvc - ok
12:31:36.0220 1656 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:31:36.0223 1656 wercplsupport - ok
12:31:36.0281 1656 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:31:36.0284 1656 WerSvc - ok
12:31:36.0338 1656 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:31:36.0340 1656 WfpLwf - ok
12:31:36.0529 1656 [ 971423A6B38DDC1501BF1752987DCFD6 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
12:31:36.0546 1656 WiMAXAppSrv - ok
12:31:36.0637 1656 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
12:31:36.0670 1656 WimFltr - ok
12:31:36.0704 1656 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:31:36.0832 1656 WIMMount - ok
12:31:36.0906 1656 WinDefend - ok
12:31:36.0927 1656 WinHttpAutoProxySvc - ok
12:31:37.0491 1656 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:31:37.0493 1656 Winmgmt - ok
12:31:37.0981 1656 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:31:38.0060 1656 WinRM - ok
12:31:38.0313 1656 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:31:38.0321 1656 Wlansvc - ok
12:31:38.0592 1656 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:31:38.0604 1656 wlidsvc - ok
12:31:38.0658 1656 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:31:38.0659 1656 WmiAcpi - ok
12:31:38.0775 1656 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:31:38.0777 1656 wmiApSrv - ok
12:31:38.0828 1656 WMPNetworkSvc - ok
12:31:38.0879 1656 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:31:38.0900 1656 WPCSvc - ok
12:31:38.0943 1656 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:31:38.0945 1656 WPDBusEnum - ok
12:31:38.0993 1656 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:31:38.0995 1656 ws2ifsl - ok
12:31:39.0048 1656 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:31:39.0050 1656 wscsvc - ok
12:31:39.0111 1656 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:31:39.0113 1656 WSDPrintDevice - ok
12:31:39.0121 1656 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
12:31:39.0123 1656 WSDScan - ok
12:31:39.0129 1656 WSearch - ok
12:31:39.0469 1656 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:31:39.0483 1656 wuauserv - ok
12:31:39.0645 1656 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:31:39.0657 1656 WudfPf - ok
12:31:39.0785 1656 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:31:39.0968 1656 WUDFRd - ok
12:31:40.0027 1656 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:31:40.0029 1656 wudfsvc - ok
12:31:40.0116 1656 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:31:40.0169 1656 WwanSvc - ok
12:31:40.0208 1656 ================ Scan global ===============================
12:31:40.0290 1656 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:31:40.0334 1656 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:31:40.0342 1656 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:31:40.0418 1656 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:31:40.0588 1656 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:31:40.0591 1656 [Global] - ok
12:31:40.0592 1656 ================ Scan MBR ==================================
12:31:40.0611 1656 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:31:41.0138 1656 \Device\Harddisk0\DR0 - ok
12:31:41.0140 1656 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:31:41.0144 1656 \Device\Harddisk1\DR1 - ok
12:31:41.0144 1656 ================ Scan VBR ==================================
12:31:41.0147 1656 [ 47A2B6601A482770DB82E6C7C1FB0314 ] \Device\Harddisk0\DR0\Partition1
12:31:41.0148 1656 \Device\Harddisk0\DR0\Partition1 - ok
12:31:41.0187 1656 [ 6A6B0AFBB8807427DC183BF4C2FEBBFF ] \Device\Harddisk0\DR0\Partition2
12:31:41.0189 1656 \Device\Harddisk0\DR0\Partition2 - ok
12:31:41.0192 1656 [ 43500DCCC4F0431C594B95377B54DAC3 ] \Device\Harddisk1\DR1\Partition1
12:31:41.0193 1656 \Device\Harddisk1\DR1\Partition1 - ok
12:31:41.0193 1656 ============================================================
12:31:41.0193 1656 Scan finished
12:31:41.0193 1656 ============================================================
12:31:41.0202 4572 Detected object count: 0
12:31:41.0202 4572 Actual detected object count: 0
12:33:51.0453 3788 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 15:14:31
-----------------------------
15:14:31.215 OS Version: Windows x64 6.1.7601 Service Pack 1
15:14:31.215 Number of processors: 8 586 0x1E05
15:14:31.216 ComputerName: ELECTRA UserName: Phillip
15:14:33.546 Initialize success
15:14:42.734 AVAST engine defs: 12092900
15:14:53.305 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:14:53.308 Disk 0 Vendor: Hitachi_HTS723232L9A360 FC4OC3AF Size: 305245MB BusType: 11
15:14:53.313 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
15:14:53.316 Disk 1 Vendor: Hitachi_HTS723232L9A360 FC4OC3AF Size: 305245MB BusType: 11
15:14:53.332 Disk 0 MBR read successfully
15:14:53.338 Disk 0 MBR scan
15:14:53.383 Disk 0 Windows VISTA default MBR code
15:14:53.397 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:14:53.452 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:14:53.483 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
15:14:53.527 Disk 0 scanning C:\Windows\system32\drivers
15:15:23.091 Service scanning
15:15:36.896 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
15:16:08.110 Modules scanning
15:16:08.127 Disk 0 trace - called modules:
15:16:08.193 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:16:08.202 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d96790]
15:16:08.212 3 CLASSPNP.SYS[fffff880017b543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b16680]
15:16:11.258 AVAST engine scan C:\Windows
15:16:14.975 AVAST engine scan C:\Windows\system32
15:22:08.047 AVAST engine scan C:\Windows\system32\drivers
15:22:40.315 AVAST engine scan C:\Users\Phillip
15:36:19.714 AVAST engine scan C:\ProgramData
15:40:51.640 Scan finished successfully
15:41:40.733 Disk 0 MBR has been saved successfully to "C:\Users\Phillip\Desktop\Computer Logs\Round 2\MBR.dat"
15:41:40.774 The log file has been saved successfully to "C:\Users\Phillip\Desktop\Computer Logs\Round 2\aswMBR.txt"
15:44:13.884 Disk 0 MBR has been saved successfully to "C:\Users\Phillip\Desktop\Computer Logs\Round 4\MBR.dat"
15:44:13.914 The log file has been saved successfully to "C:\Users\Phillip\Desktop\Computer Logs\Round 4\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team
Posted 29 September 2012 - 03:26 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 voxanomaly

  • Topic Starter


Posted 29 September 2012 - 05:11 PM

We may have made some progress: I have successfully run Windows updates.

However, I am still having the same problem that developed after running ComboFix per your instructions on September 26: Internet Explorer performance is so poor (i.e. verrrrry slow & often stops responding) that I now use Firefox to access the web. I'm also still having these problems that I first described:

My Computer's Status:

1. Clicking on result links of Google searches still re-directs to another crude list of search results;
2. I am still monitoring for random audio, although I haven't experienced it yet today; and
3. I'm still getting constant Malwarebytes Anti-Malware notifications that it's blocking outbound comms to "a potentially malicious website" with IPs in the range of 112.175.234.21 - 24 at various ports with an ever-increasing range from 5xxxx on up.

***

OTL logfile created on: 9/29/2012 4:57:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phillip\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 70.77% Memory free
19.75 Gb Paging File | 17.06 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): c:\pagefile.sys 50 50d:\pagefile. [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 228.04 Gb Free Space | 80.46% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 286.24 Gb Free Space | 96.02% Space Free | Partition Type: NTFS

Computer Name: ELECTRA | User Name: Phillip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Phillip\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
MOD - C:\Program Files\Backup Assistant Plus\swscale-0.dll ()
MOD - C:\Program Files\Backup Assistant Plus\avutil-50.dll ()
MOD - C:\Program Files\Backup Assistant Plus\avcodec-52.dll ()
MOD - C:\Program Files\Backup Assistant Plus\avformat-52.dll ()
MOD - C:\Program Files\Backup Assistant Plus\libexpat.dll ()
MOD - C:\Program Files\Backup Assistant Plus\sqlite3.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV:64bit: - (GsServer) -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater12.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{25693887-54AC-42A2-B2D0-CFA6985806F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKLM\..\SearchScopes\{DEE78FF2-30F7-4F59-B090-A364485A6186}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes,DefaultScope = {C0F62AA1-5C65-4570-87EC-C2805E40783B}
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes\{C0F62AA1-5C65-4570-87EC-C2805E40783B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;192.168.*.*;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/28 20:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/28 20:44:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/21 09:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phillip\AppData\Roaming\Mozilla\Extensions
[2012/09/28 20:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/28 20:44:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 22:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/24 22:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/28 20:27:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001..\Run: [Akamai NetSession Interface] C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10B3D98C-1874-46BC-B263-4E7B72C1E789}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C42F895-100D-42F4-9BD1-FCCF8BE30242}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 16:55:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phillip\Desktop\OTL.exe
[2012/09/29 12:56:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Phillip\Desktop\aswMBR.exe
[2012/09/28 20:47:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/28 20:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/28 20:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/28 20:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/09/28 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Local\Conduit
[2012/09/28 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_US_New
[2012/09/28 20:35:25 | 000,680,032 | ---- | C] (OptimumInstaller) -- C:\Users\Phillip\Desktop\Mozilla_FireFox_Setup.exe
[2012/09/28 19:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 19:04:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 19:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/28 03:25:54 | 000,145,696 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2012/09/28 03:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/28 03:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/28 03:14:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/27 22:46:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/27 22:46:22 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Local\temp
[2012/09/27 21:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2012/09/27 20:52:07 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/09/27 20:52:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/09/27 20:52:01 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/09/27 20:52:01 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/09/27 20:51:56 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/09/27 20:51:54 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/09/27 20:51:53 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/09/27 20:51:53 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/09/27 20:51:53 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/09/27 20:51:53 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/09/27 20:51:53 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/09/27 20:51:53 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/09/27 20:51:53 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/09/27 20:51:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/09/27 20:51:52 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/09/27 20:51:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/09/27 20:51:52 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/09/27 20:51:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/09/27 20:51:44 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/09/27 20:51:44 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/09/27 20:51:43 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/09/27 20:51:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/09/27 20:51:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/09/27 20:51:42 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/09/27 20:51:41 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/09/27 20:51:39 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/09/27 20:51:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/09/27 20:51:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/27 20:51:33 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/27 20:51:20 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/27 20:51:20 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/27 20:51:19 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/09/27 20:51:16 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/27 20:51:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/09/27 20:51:08 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/09/27 20:51:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/27 20:51:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/09/27 20:51:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/09/27 20:51:04 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/09/27 20:51:04 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/09/27 20:50:53 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/09/27 20:50:53 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/09/27 20:50:53 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/09/27 20:50:53 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/09/27 20:50:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/09/27 20:50:53 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/09/27 20:50:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/09/27 20:50:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/09/27 20:50:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/09/27 20:50:40 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/26 18:57:21 | 004,757,745 | R--- | C] (Swearware) -- C:\Users\Phillip\Desktop\ComboFix.exe
[2012/09/26 17:33:03 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Phillip\Desktop\tdsskiller.exe
[2012/09/25 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\RK_Quarantine
[2012/09/25 19:00:26 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\Computer Logs
[2012/09/23 13:46:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Phillip\Desktop\dds.com
[2012/09/19 18:49:34 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Roaming\Malwarebytes
[2012/09/19 18:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/14 17:33:37 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2012/09/14 17:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2012/09/14 17:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/09/14 17:02:54 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2012/09/14 17:02:54 | 000,082,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012/09/14 17:02:50 | 000,577,248 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012/09/14 17:02:50 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012/09/14 17:02:49 | 000,700,384 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/09/14 16:49:51 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Roaming\Bitdefender
[2012/09/14 16:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/09/14 16:48:48 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Roaming\QuickScan
[2012/09/14 16:44:41 | 000,350,160 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/09/14 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/09/14 16:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/09/09 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\Bleep
[2012/09/09 18:54:45 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Local\WinZip
[2012/09/09 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/09/09 18:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/09/09 18:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/09/09 18:52:49 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/09 18:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/07 04:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VUDUToGo
[2012/09/05 22:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/09/05 15:30:58 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\Christmas 2012
[3 C:\Users\Phillip\Desktop\*.tmp files -> C:\Users\Phillip\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/29 16:57:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/29 16:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phillip\Desktop\OTL.exe
[2012/09/29 15:25:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/09/29 15:19:30 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 15:19:30 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 15:17:16 | 000,783,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/29 15:17:16 | 000,663,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/29 15:17:16 | 000,122,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/29 15:13:51 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/09/29 15:10:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/29 15:10:34 | 2138,447,871 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/29 12:56:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Phillip\Desktop\aswMBR.exe
[2012/09/28 20:41:12 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/28 20:40:29 | 000,000,009 | ---- | M] () -- C:\END
[2012/09/28 20:35:31 | 000,680,032 | ---- | M] (OptimumInstaller) -- C:\Users\Phillip\Desktop\Mozilla_FireFox_Setup.exe
[2012/09/28 20:27:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/28 20:15:25 | 004,757,745 | R--- | M] (Swearware) -- C:\Users\Phillip\Desktop\ComboFix.exe
[2012/09/28 20:06:56 | 000,000,134 | ---- | M] () -- C:\Users\Phillip\Desktop\Internet Explorer Troubleshooting.url
[2012/09/28 19:04:31 | 000,001,135 | ---- | M] () -- C:\Users\Phillip\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/28 19:04:31 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/28 16:31:23 | 000,426,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/28 03:31:40 | 000,777,376 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/28 03:25:54 | 000,145,696 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2012/09/26 17:33:04 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Phillip\Desktop\tdsskiller.exe
[2012/09/25 19:15:52 | 001,391,616 | ---- | M] () -- C:\Users\Phillip\Desktop\RogueKiller.exe
[2012/09/25 19:07:19 | 000,513,501 | ---- | M] () -- C:\Users\Phillip\Desktop\adwcleaner.exe
[2012/09/25 18:57:08 | 000,881,724 | ---- | M] () -- C:\Users\Phillip\Desktop\SecurityCheck.exe
[2012/09/23 13:46:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Phillip\Desktop\dds.com
[2012/09/14 17:33:37 | 000,076,944 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2012/09/14 17:04:27 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012/09/14 17:03:40 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2012/09/14 17:03:40 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2012/09/14 17:03:40 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2012/09/14 17:03:27 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2012/09/14 17:03:27 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2013.lnk
[2012/09/14 17:03:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/09/09 18:53:57 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/09/09 18:52:49 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/09 17:56:19 | 000,000,000 | ---- | M] () -- C:\Users\Phillip\defogger_reenable
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 04:23:10 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VUDUToGo.lnk
[2012/09/05 13:15:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[3 C:\Users\Phillip\Desktop\*.tmp files -> C:\Users\Phillip\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 20:41:12 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/28 20:41:12 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/28 20:40:29 | 000,000,009 | ---- | C] () -- C:\END
[2012/09/28 20:06:56 | 000,000,134 | ---- | C] () -- C:\Users\Phillip\Desktop\Internet Explorer Troubleshooting.url
[2012/09/28 19:04:31 | 000,001,135 | ---- | C] () -- C:\Users\Phillip\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/28 19:04:31 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 19:15:52 | 001,391,616 | ---- | C] () -- C:\Users\Phillip\Desktop\RogueKiller.exe
[2012/09/25 19:07:18 | 000,513,501 | ---- | C] () -- C:\Users\Phillip\Desktop\adwcleaner.exe
[2012/09/25 18:57:08 | 000,881,724 | ---- | C] () -- C:\Users\Phillip\Desktop\SecurityCheck.exe
[2012/09/14 17:04:27 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012/09/14 17:03:40 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2012/09/14 17:03:27 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2012/09/14 17:03:27 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2013.lnk
[2012/09/14 17:03:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/09/14 16:49:49 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01
[2012/09/14 16:49:49 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2012/09/14 16:49:48 | 037,134,407 | -H-- | C] () -- C:\bdr-im01.gz
[2012/09/14 16:49:48 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2012/09/09 18:53:57 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/09/09 17:56:19 | 000,000,000 | ---- | C] () -- C:\Users\Phillip\defogger_reenable
[2012/09/07 04:23:10 | 000,000,885 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDUToGo.lnk
[2012/09/07 04:23:10 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\VUDUToGo.lnk
[2012/08/02 22:11:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/02 22:11:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/02 22:11:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/02 22:11:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/02 22:11:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/03 11:17:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/18 05:47:42 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2011/11/12 12:12:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/09/23 06:46:47 | 000,000,632 | RHS- | C] () -- C:\Users\Phillip\ntuser.pol
[2011/08/09 14:13:04 | 000,007,636 | ---- | C] () -- C:\Users\Phillip\AppData\Local\Resmon.ResmonCfg
[2011/04/29 22:51:12 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2010/12/31 17:07:52 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/04 19:57:09 | 000,777,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/08 19:08:54 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 AM

Posted 30 September 2012 - 05:25 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [FAStartup] File not found
    O8:64bit: - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    IE - HKLM\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes,DefaultScope = {C0F62AA1-5C65-4570-87EC-C2805E40783B}
    IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    IE - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    O2 - BHO: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4063261598-1715823508-398942870-1001\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
    [2012/09/28 20:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/09/28 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Local\Conduit
    [2012/09/28 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_US_New
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr


Posted 03 October 2012 - 07:17 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 voxanomaly

voxanomaly
  • Topic Starter


Posted 03 October 2012 - 09:05 PM

Hola -

Apologies for being out of touch - I'm on the road at the behest of my employer. I ran the script you provided and my Google searches are no longer being redirected, which is great. However, IE Google searches result in IE not responding and are painfully slow in Firefox. I haven't heard random audio in quite a while. I ran the script before I left home and was still receiving notices of blocked traffic from Malwarebytes, but when I've accessed the Internet during my trip the notifications have not appeared. I'll be back home on Friday and more attentive to resolving this issue. I very much appreciate your help.

Regards,

Phillip

#15 gringo_pr


Posted 04 October 2012 - 12:23 AM

hello

no problem and thanks for letting me know

the problem is only when you are home correct?


gringo



