
Infected with iLivid inline popups and redirects


23 replies to this topic

#1 Raymond M.


Posted 28 September 2012 - 05:05 PM

I have been infected with malware that produces inline popups and sometimes redirects the webpage, either in the tab I am currently using or in a different tab. This occurs in IE8, Firefox and Chrome.

In December 2010 I was infected with malware with the Trojan:Win32/FakeSysdef which I removed manually pursuant to instructions from ThreatExpert.com.

I am running WIN7 64 Bit (so I have not done a GMER scan as per your instructions). Below are the contents of the DDS.txt file. I have also attached the Attach.txt file pursuant to your instructions as well.

Attached File  Attach.txt   15.21KB   2 downloads

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Raymond at 17:39:56 on 2012-09-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3999.2063 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Users\Raymond\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\BellCanada\PC Screen\PCScreen.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2009\ArcNameService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe
C:\Program Files (x86)\Nuance\PDF Professional 5\bin\PDFDirect.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DeskBandHelper Class: {9e0b5480-4ff0-4fee-818b-d4db0f220d64} - C:\Program Files (x86)\LexisNexis\PCLaw\plietool.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
TB: PCLaw Web Timer: {0e1230f8-ea50-42a9-983c-d22abc2eed4b} - C:\Program Files (x86)\LexisNexis\PCLaw\plietool.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Raymond\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Raymond\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\lib\digsby-app.exe
StartupFolder: C:\Users\Raymond\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Raymond\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Raymond\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PCScreen.lnk - C:\Program Files (x86)\BellCanada\PC Screen\PCScreen.exe
StartupFolder: C:\Users\Raymond\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEESMI~1.LNK - C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
StartupFolder: C:\Users\Raymond\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with Nuance PDF Converter 5.0 - C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - C:\Program Files (x86)\LexisNexis\PCLaw\plietool.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - C:\Program Files (x86)\LexisNexis\PCLaw\plietool.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://dpsl.webex.com/client/T27LB/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 67.69.184.199 67.69.184.7
TCP: Interfaces\{15BF10AD-99EB-4C6E-9D6F-48DC4BCFCEC2} : DhcpNameServer = 67.69.184.199 67.69.184.7
TCP: Interfaces\{15BF10AD-99EB-4C6E-9D6F-48DC4BCFCEC2}\247502F447F6E6162656560294E6E6 : DhcpNameServer = 172.16.48.2
TCP: Interfaces\{15BF10AD-99EB-4C6E-9D6F-48DC4BCFCEC2}\45F627F6E647F602055726C6963602C4962627162797 : DhcpNameServer = 206.191.0.140 206.191.0.210 4.2.2.4
TCP: Interfaces\{15BF10AD-99EB-4C6E-9D6F-48DC4BCFCEC2}\46C696E6B6 : DhcpNameServer = 67.69.184.199 67.69.184.7
TCP: Interfaces\{15BF10AD-99EB-4C6E-9D6F-48DC4BCFCEC2}\54C66796370296370234F6F6C6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{15BF10AD-99EB-4C6E-9D6F-48DC4BCFCEC2}\95F627B6 : DhcpNameServer = 64.71.255.198
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files (x86)\QuickTax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files (x86)\QuickTax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DeskBandHelper Class: {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files (x86)\LexisNexis\PCLaw\plietool.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
TB-X64: PCLaw Web Timer: {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files (x86)\LexisNexis\PCLaw\plietool.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
Hosts: 64.27.10.42 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\ispin0gu.default\
FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Raymond\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 lfsfilt;NDAS Lean File Sharing Service;C:\Windows\system32\DRIVERS\lfsfilt.sys --> C:\Windows\system32\DRIVERS\lfsfilt.sys [?]
R0 lpx;LPX Protocol;C:\Windows\system32\DRIVERS\lpx6x.sys --> C:\Windows\system32\DRIVERS\lpx6x.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 ndasfs;ndasfs;C:\Windows\system32\DRIVERS\ndasfs.sys --> C:\Windows\system32\DRIVERS\ndasfs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R1 c2scsi64;c2scsi64;C:\Windows\system32\DRIVERS\c2scsi64.sys --> C:\Windows\system32\DRIVERS\c2scsi64.sys [?]
R1 ndasfat;NDAS FAT File System Service;C:\Windows\system32\DRIVERS\ndasfat.sys --> C:\Windows\system32\DRIVERS\ndasfat.sys [?]
R1 ndasrofs;NDAS ROFS File System Service;C:\Windows\system32\DRIVERS\ndasrofs.sys --> C:\Windows\system32\DRIVERS\ndasrofs.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
R2 BayerHealthcareService;BayerHealthcareService;C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [2011-6-1 155648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-2-27 144672]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-3 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 ndasbus;NDAS Bus Driver;C:\Windows\system32\DRIVERS\ndasbus.sys --> C:\Windows\system32\DRIVERS\ndasbus.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]
S2 Print Spooler;Print Spooler;C:\Windows\system32\spoolsv.exe --> C:\Windows\system32\spoolsv.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250288]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys --> C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]
S3 ndasscsi;NDAS SCSI Miniport Driver;C:\Windows\system32\DRIVERS\ndasscsi.sys --> C:\Windows\system32\DRIVERS\ndasscsi.sys [?]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-28 14:48:18 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15012A8B-188B-4F5F-9FB5-8686ED4C9D59}\mpengine.dll
2012-09-27 21:09:46 -------- d-----w- C:\Program Files\iPod
2012-09-27 21:09:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-27 21:09:45 -------- d-----w- C:\Program Files\iTunes
2012-09-27 21:09:45 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-27 14:40:30 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9136A9B-7E67-470B-AD4C-2F506EFE39A3}\gapaengine.dll
2012-09-27 14:40:12 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 14:05:22 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-12 14:12:48 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 14:12:47 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 14:12:46 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 14:12:46 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 14:12:45 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 14:12:45 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 14:12:45 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 03:04:44 315904 ----a-w- C:\Windows\IsUninst.exe
2012-09-09 03:01:03 -------- d-----w- C:\Hexen II
2012-09-04 21:25:15 -------- d-----w- C:\Program Files (x86)\Canon
2012-09-04 19:47:45 -------- d-----w- C:\ProgramData\Canon
2012-09-01 02:36:35 208896 ----a-w- C:\Windows\SysWow64\FFRafShellEx.dll
2012-09-01 02:36:34 233472 ----a-w- C:\Windows\SysWow64\RFCLauncher.exe
2012-09-01 02:36:34 -------- d-----w- C:\Program Files (x86)\RAF
2012-09-01 02:36:12 -------- d-----w- C:\Users\Raymond\AppData\Local\FUJIFILM
2012-09-01 02:34:29 -------- d-----w- C:\ProgramData\FUJIFILM
2012-09-01 02:34:04 -------- d-----w- C:\Program Files (x86)\FUJIFILM
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
==================== Find3M ====================
.
2012-09-21 18:13:13 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 18:13:13 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-27 19:30:11 276256 ----a-w- C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 17:42:41.95 ===============




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:44 AM

Posted 28 September 2012 - 07:40 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Raymond M.


Posted 30 September 2012 - 07:40 PM

Gringo,

Here are the contents of checkup.txt, which was created after I ran Security Check.

-----------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 23
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Raymond Downloads Malware Stuff SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


Raymond.

#4 Raymond M.


Posted 30 September 2012 - 08:03 PM

Gringo,

Here are the contents of AdwCleaner[S1].txt created after running AdwCleaner:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v2.003 - Logfile created 09/30/2012 at 20:42:41
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Raymond - RAYMOND-PC
# Boot Mode : Normal
# Running from : C:\Users\Raymond\Downloads\Malware Stuff\adwcleaner.exe
# Option [Delete]



***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Raymond\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v7.0.1 (en-US)

Profile name : default
File : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\ispin0gu.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Raymond\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1705 octets] - [30/09/2012 20:41:52]
AdwCleaner[S2].txt - [2093 octets] - [30/09/2012 20:42:41]

########## EOF - C:\AdwCleaner[S2].txt - [2153 octets] ##########
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Raymond.




#5 Raymond M.


Posted 30 September 2012 - 08:21 PM

Gringo,

Here are the contents of the RKreport[2].txt file created by RogueKiller:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com


Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Raymond [Admin rights]
Mode : Remove -- Date : 09/30/2012 21:15:10


¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELL][SUSP PATH] [ON_J:Amanda]HKCU[...]\Winlogon : Shell (explorer.exe,C:\Documents and Settings\Amanda\Application Data\Microsoft\Windows\shell.exe) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> J:\windows\system32\config\SOFTWARE
-> J:\Documents and Settings\Administrator\NTUSER.DAT
-> J:\Documents and Settings\All Users\NTUSER.DAT
-> J:\Documents and Settings\Amanda\NTUSER.DAT
-> J:\Documents and Settings\Dad\NTUSER.DAT
-> J:\Documents and Settings\Default User\NTUSER.DAT
-> J:\Documents and Settings\HP_Administrator\NTUSER.DAT
-> J:\Documents and Settings\LocalService\NTUSER.DAT
-> J:\Documents and Settings\Mom\NTUSER.DAT
-> J:\Documents and Settings\NetworkService\NTUSER.DAT


¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] f47be77ac263a48b319ad1d966b4448a
[BSP] b0f92fa3de0ea22251ee298e1006f0e4 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 282590 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 578746368 | Size: 10239 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599717888 | Size: 12411 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: NDAS HDT722520DLA380 SCSI Disk Device +++++
--- User ---
[MBR] f1167b734eb6e23b98129583cfdd8ef1
[BSP] 137fb9128f5a6d5e0febfc932bdb3206 : Whistler/Sinowal MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 181719 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 372177855 | Size: 9052 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Raymond.




#6 gringo_pr


Posted 01 October 2012 - 01:00 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Raymond M.


Posted 01 October 2012 - 11:06 AM

Gringo,


Thank you for your response. I have not run Combofix yet. I will do so this evening.



I can advise, however, that the inline popups and redirections still occur and that IE8 is now very slow in loading pages. (I cannot upgrade to IE9 because a program I use for my business requires IE8.) The speed in which pages are loaded in Chrome is normal.


Raymond.

#8 gringo_pr


Posted 01 October 2012 - 09:57 PM

OK, no problem, and I will check on you in the morning.


gringo

#9 Raymond M.


Posted 03 October 2012 - 10:23 PM

Gringo,

I've run ComboFix and I've pasted the log below:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-09-30.03 - Raymond 10/03/12 22:03:28.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3999.2085 [GMT -4:00]
Running from: c:\users\Raymond\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Raymond\Documents\~WRL0248.tmp
c:\windows\SysWow64\.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Print Spooler
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 02:18 . 2012-10-04 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 02:18 . 2012-10-04 02:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-27 21:09 . 2012-09-27 21:09 -------- d-----w- c:\program files\iPod
2012-09-27 21:09 . 2012-09-27 21:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-27 21:09 . 2012-09-27 21:11 -------- d-----w- c:\program files\iTunes
2012-09-27 21:09 . 2012-09-27 21:11 -------- d-----w- c:\program files (x86)\iTunes
2012-09-26 14:05 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 14:12 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:12 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:12 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:12 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:12 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:12 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:12 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 03:04 . 1997-08-26 16:06 315904 ----a-w- c:\windows\IsUninst.exe
2012-09-09 03:01 . 2012-09-09 03:08 -------- d-----w- C:\Hexen II
2012-09-04 21:25 . 2012-09-04 21:25 -------- d-----w- c:\program files (x86)\Canon
2012-09-04 19:47 . 2012-09-04 19:47 -------- d-----w- c:\programdata\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 14:40 . 2012-09-27 14:40 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9136A9B-7E67-470B-AD4C-2F506EFE39A3}\gapaengine.dll
2012-09-21 18:13 . 2012-03-30 00:17 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 18:13 . 2011-05-18 03:24 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 15:50 . 2010-01-07 21:15 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 07:27 . 2012-10-03 03:24 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79CE9248-1B0E-454D-8B5A-8A80950A5908}\mpengine.dll
2012-08-30 07:27 . 2012-10-02 01:01 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-27 19:30 . 2011-10-28 20:42 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-07-18 18:15 . 2012-08-16 02:58 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 17:36 220608 ----a-w- c:\users\Raymond\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 17:36 220608 ----a-w- c:\users\Raymond\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 17:36 220608 ----a-w- c:\users\Raymond\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\lib\digsby-app.exe [2011-6-22 123928]
Dropbox.lnk - c:\users\Raymond\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
PCScreen.lnk - c:\program files (x86)\BellCanada\PC Screen\PCScreen.exe [2010-1-29 905216]
Seesmic Desktop 2.lnk - c:\program files (x86)\Microsoft Silverlight\sllauncher.exe [2012-4-11 387152]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-2 2380752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Outlook.lnk - c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2012-5-3 13006952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-08-27 276256]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-02-02 37456]
S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys [2009-08-23 438760]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]
S1 c2scsi64;c2scsi64;c:\windows\system32\DRIVERS\c2scsi64.sys [2009-07-24 167920]
S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys [2009-08-23 639464]
S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys [2009-08-23 1059304]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-03 457200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 BayerHealthcareService;BayerHealthcareService;c:\program files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [2011-06-01 155648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2010-03-03 64000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:13]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 03:49]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 03:49]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027720761-674895077-4024683169-1000Core.job
- c:\users\Raymond\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 02:13]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3027720761-674895077-4024683169-1000UA.job
- c:\users\Raymond\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 02:13]
.
2012-09-23 c:\windows\Tasks\HPCeeScheduleForRaymond.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B9ED644-4774-4EAE-B680-193C1F039840}]
2010-05-27 14:04 581968 ----a-w- c:\program files (x86)\LexisNexis\PCLaw\PLIETOOL64.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DE63312D-8242-48F7-9046-9914FA6E6C5E}"= "c:\program files (x86)\LexisNexis\PCLaw\plietool64.dll" [2010-05-27 581968]
.
[HKEY_CLASSES_ROOT\CLSID\{DE63312D-8242-48F7-9046-9914FA6E6C5E}]
[HKEY_CLASSES_ROOT\PLIETool64.PLIEToolObj64.1]
[HKEY_CLASSES_ROOT\TypeLib\{E1C481A3-9C0E-4C64-AF8E-17E6812D59AA}]
[HKEY_CLASSES_ROOT\PLIETool64.PLIEToolObj64]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-17 17:36 244672 ----a-w- c:\users\Raymond\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-17 17:36 244672 ----a-w- c:\users\Raymond\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-17 17:36 244672 ----a-w- c:\users\Raymond\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Raymond\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ca.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\program files (x86)\LexisNexis\PCLaw\plietool.dll
IE: {{9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\program files (x86)\LexisNexis\PCLaw\plietool.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files (x86)\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
FF - ProfilePath - c:\users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\ispin0gu.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-OutlookConveyAddIn - c:\windows\system32\DpCAddin.exe
AddRemove-XXClone - c:\windows\SYSTEM32\xxclone.exe
AddRemove-1144749205.www.silverlight.net - c:\program files (x86)\Microsoft Silverlight\4.0.50524.0\Silverlight.Configuration.exe
AddRemove-868651321.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
AddRemove-Glucofacts Deluxe Updater 2.0 - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mysql]
"ImagePath"="c:\xampp\mysql\bin\mysqld --defaults-file=c:\xampp\mysql\bin\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Smith Micro\StuffIt 2009\ArcNameService.exe
.
**************************************************************************
.
Completion time: 2012-10-03 22:34:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-04 02:34
.
Pre-Run: 30,958,960,640 bytes free
Post-Run: 33,220,558,848 bytes free
.
- - End Of File - - 3DA0906363625B92874D400EC54A7108

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

In the half an hour since running ComboFix I have not had any inline popups or redirects in either IE8 or Chrome.

However, IE8 is still running slower than normal. Not as bad as it was yesterday, but still slower. Yesterday I used IE8 without add ons and it was fine. I've disabled every add on except Flash, Adobe PDF reader and all the Microsoft addons and it's still slow.

Raymond.


#10 gringo_pr

  • Malware Response Team

Posted 04 October 2012 - 12:17 AM

Greetings,

First I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 Raymond M.

  • Topic Starter

Posted 04 October 2012 - 12:15 PM

Gringo,

I've run both the FixIt and the other instructions. IE8 is still slow.

I should clarify what I mean by being slow.

Sometimes the page will take a long time to load.

Sometimes the page will load but I will have to wait in order to scroll down.

When it's a login page, Google or this page, where I need to type something in, I need to wait in order to do so.

All of this started happening after running RogueKiller. (I didn't notice these problems after running SecurityCheck and AdwCleaner, although it's possible one of those programs caused it).

Raymond.




#12 gringo_pr

  • Malware Response Team

Posted 04 October 2012 - 02:12 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 Raymond M.

  • Topic Starter

Posted 04 October 2012 - 08:44 PM

Gringo,

I ran TDSSKiller. When the computer rebooted it ran again. It found a rootkit on the first scan and the second scan was clean.

Here is the report:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

21:04:46.0402 5476 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:04:46.0788 5476 ============================================================
21:04:46.0789 5476 Current date / time: 2012/10/04 21:04:46.0788
21:04:46.0789 5476 SystemInfo:
21:04:46.0789 5476
21:04:46.0789 5476 OS Version: 6.1.7601 ServicePack: 1.0
21:04:46.0789 5476 Product type: Workstation
21:04:46.0789 5476 ComputerName: RAYMOND-PC
21:04:46.0789 5476 UserName: Raymond
21:04:46.0789 5476 Windows directory: C:\Windows
21:04:46.0789 5476 System windows directory: C:\Windows
21:04:46.0789 5476 Running under WOW64
21:04:46.0789 5476 Processor architecture: Intel x64
21:04:46.0789 5476 Number of processors: 2
21:04:46.0789 5476 Page size: 0x1000
21:04:46.0789 5476 Boot type: Normal boot
21:04:46.0789 5476 ============================================================
21:04:48.0257 5476 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:48.0282 5476 Drive \Device\Harddisk2\DR2 - Size: 0x2E93C30000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
21:04:48.0312 5476 ============================================================
21:04:48.0312 5476 \Device\Harddisk0\DR0:
21:04:48.0312 5476 MBR partitions:
21:04:48.0312 5476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x227EF7C0
21:04:48.0312 5476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x227EF800, BlocksNum 0x13FF800
21:04:48.0312 5476 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23BEF800, BlocksNum 0x183D800
21:04:48.0312 5476 \Device\Harddisk2\DR2:
21:04:48.0322 5476 MBR partitions:
21:04:48.0322 5476 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x162EBCBF
21:04:48.0322 5476 \Device\Harddisk2\DR2\Partition2: MBR, Type 0xC, StartLBA 0x162EFBBF, BlocksNum 0x11AE202
21:04:48.0322 5476 ============================================================
21:04:48.0327 5476 C: <-> \Device\Harddisk0\DR0\Partition1
21:04:48.0377 5476 D: <-> \Device\Harddisk0\DR0\Partition3
21:04:48.0432 5476 F: <-> \Device\Harddisk0\DR0\Partition2
21:04:48.0537 5476 J: <-> \Device\Harddisk2\DR2\Partition1
21:04:48.0562 5476 K: <-> \Device\Harddisk2\DR2\Partition2
21:04:48.0562 5476 ============================================================
21:04:48.0562 5476 Initialize success
21:04:48.0562 5476 ============================================================
21:05:15.0599 7160 ============================================================
21:05:15.0599 7160 Scan started
21:05:15.0599 7160 Mode: Manual;
21:05:15.0599 7160 ============================================================
21:05:16.0319 7160 ================ Scan system memory ========================
21:05:16.0319 7160 System memory - ok
21:05:16.0319 7160 ================ Scan services =============================
21:05:16.0604 7160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:05:16.0609 7160 1394ohci - ok
21:05:16.0779 7160 [ A15069EEC83EBC54150564B2585CFDBA ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
21:05:16.0799 7160 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
21:05:16.0904 7160 [ 3E2427D4966C7606097341E55AB4E105 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
21:05:16.0904 7160 Accelerometer - ok
21:05:16.0974 7160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:05:16.0979 7160 ACPI - ok
21:05:17.0039 7160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:05:17.0039 7160 AcpiPmi - ok
21:05:17.0119 7160 [ 7B65F9F3036AA063015C359B5210E250 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
21:05:17.0134 7160 AcrSch2Svc - ok
21:05:17.0289 7160 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:05:17.0289 7160 AdobeARMservice - ok
21:05:17.0499 7160 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:05:17.0504 7160 AdobeFlashPlayerUpdateSvc - ok
21:05:17.0589 7160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:05:17.0604 7160 adp94xx - ok
21:05:17.0664 7160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:05:17.0674 7160 adpahci - ok
21:05:17.0689 7160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:05:17.0694 7160 adpu320 - ok
21:05:17.0759 7160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:05:17.0759 7160 AeLookupSvc - ok
21:05:17.0964 7160 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
21:05:17.0964 7160 AESTFilters - ok
21:05:18.0054 7160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:05:18.0069 7160 AFD - ok
21:05:18.0164 7160 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
21:05:18.0199 7160 AgereSoftModem - ok
21:05:18.0264 7160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:05:18.0264 7160 agp440 - ok
21:05:18.0319 7160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:05:18.0319 7160 ALG - ok
21:05:18.0369 7160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:05:18.0369 7160 aliide - ok
21:05:18.0429 7160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:05:18.0429 7160 amdide - ok
21:05:18.0499 7160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:05:18.0499 7160 AmdK8 - ok
21:05:18.0524 7160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:05:18.0529 7160 AmdPPM - ok
21:05:18.0584 7160 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:05:18.0589 7160 amdsata - ok
21:05:18.0629 7160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:05:18.0634 7160 amdsbs - ok
21:05:18.0689 7160 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:05:18.0689 7160 amdxata - ok
21:05:18.0919 7160 [ 53EA061ECC67223A430F153C3682AD54 ] Apache2.2 C:\xampp\apache\bin\httpd.exe
21:05:18.0919 7160 Apache2.2 - ok
21:05:18.0984 7160 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:05:18.0984 7160 AppID - ok
21:05:19.0044 7160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:05:19.0049 7160 AppIDSvc - ok
21:05:19.0114 7160 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:05:19.0114 7160 Appinfo - ok
21:05:19.0234 7160 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:05:19.0234 7160 Apple Mobile Device - ok
21:05:19.0314 7160 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:05:19.0319 7160 AppMgmt - ok
21:05:19.0379 7160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:05:19.0379 7160 arc - ok
21:05:19.0404 7160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:05:19.0404 7160 arcsas - ok
21:05:19.0639 7160 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:05:19.0639 7160 aspnet_state - ok
21:05:19.0694 7160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:05:19.0694 7160 AsyncMac - ok
21:05:19.0744 7160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:05:19.0749 7160 atapi - ok
21:05:19.0809 7160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:05:19.0829 7160 AudioEndpointBuilder - ok
21:05:19.0844 7160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:05:19.0849 7160 AudioSrv - ok
21:05:19.0949 7160 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:05:19.0954 7160 AxInstSV - ok
21:05:20.0014 7160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:05:20.0019 7160 b06bdrv - ok
21:05:20.0084 7160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:05:20.0089 7160 b57nd60a - ok
21:05:20.0169 7160 [ 7B187A0F9ACB143E09A40393360B8202 ] BayerHealthcareService C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
21:05:20.0174 7160 BayerHealthcareService - ok
21:05:20.0319 7160 [ 0E14A0071FE26A570BCAFF5401014717 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
21:05:20.0339 7160 BCM43XX - ok
21:05:20.0389 7160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:05:20.0389 7160 BDESVC - ok
21:05:20.0454 7160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:05:20.0454 7160 Beep - ok
21:05:20.0549 7160 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:05:20.0569 7160 BFE - ok
21:05:20.0609 7160 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:05:20.0634 7160 BITS - ok
21:05:20.0704 7160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:05:20.0704 7160 blbdrive - ok
21:05:20.0834 7160 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:05:20.0844 7160 Bonjour Service - ok
21:05:20.0899 7160 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:05:20.0904 7160 bowser - ok
21:05:20.0924 7160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:05:20.0924 7160 BrFiltLo - ok
21:05:20.0939 7160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:05:20.0944 7160 BrFiltUp - ok
21:05:21.0004 7160 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:05:21.0004 7160 BridgeMP - ok
21:05:21.0174 7160 [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\SysWOW64\brsvc01a.exe
21:05:21.0174 7160 Brother XP spl Service - ok
21:05:21.0224 7160 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:05:21.0229 7160 Browser - ok
21:05:21.0284 7160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
21:05:21.0289 7160 Brserid - ok
21:05:21.0304 7160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:05:21.0304 7160 BrSerWdm - ok
21:05:21.0334 7160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:05:21.0334 7160 BrUsbMdm - ok
21:05:21.0354 7160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
21:05:21.0354 7160 BrUsbSer - ok
21:05:21.0384 7160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:05:21.0389 7160 BTHMODEM - ok
21:05:21.0444 7160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:05:21.0449 7160 bthserv - ok
21:05:21.0514 7160 [ 59626AB5920F316BDBFDC8B47521A882 ] c2scsi64 C:\Windows\system32\DRIVERS\c2scsi64.sys
21:05:21.0514 7160 c2scsi64 - ok
21:05:21.0754 7160 [ 4D8ECC2E3E7BF5EC0D45B6DE14B453C8 ] Canon Driver Information Assist Service C:\Program Files\Canon\DIAS\CnxDIAS.exe
21:05:21.0894 7160 Canon Driver Information Assist Service - ok
21:05:21.0959 7160 catchme - ok
21:05:22.0004 7160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:05:22.0004 7160 cdfs - ok
21:05:22.0079 7160 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:05:22.0079 7160 cdrom - ok
21:05:22.0149 7160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:05:22.0149 7160 CertPropSvc - ok
21:05:22.0199 7160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:05:22.0199 7160 circlass - ok
21:05:22.0264 7160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:05:22.0269 7160 CLFS - ok
21:05:22.0369 7160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:05:22.0374 7160 clr_optimization_v2.0.50727_32 - ok
21:05:22.0449 7160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:05:22.0449 7160 clr_optimization_v2.0.50727_64 - ok
21:05:22.0589 7160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:05:22.0589 7160 clr_optimization_v4.0.30319_32 - ok
21:05:22.0669 7160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:05:22.0669 7160 clr_optimization_v4.0.30319_64 - ok
21:05:22.0739 7160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:05:22.0739 7160 CmBatt - ok
21:05:22.0789 7160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:05:22.0789 7160 cmdide - ok
21:05:22.0844 7160 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:05:22.0854 7160 CNG - ok
21:05:23.0044 7160 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:05:23.0044 7160 Com4QLBEx - ok
21:05:23.0089 7160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:05:23.0094 7160 Compbatt - ok
21:05:23.0159 7160 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:05:23.0159 7160 CompositeBus - ok
21:05:23.0184 7160 COMSysApp - ok
21:05:23.0209 7160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:05:23.0209 7160 crcdisk - ok
21:05:23.0279 7160 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:05:23.0284 7160 CryptSvc - ok
21:05:23.0319 7160 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:05:23.0339 7160 CSC - ok
21:05:23.0404 7160 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:05:23.0424 7160 CscService - ok
21:05:23.0499 7160 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:05:39.0726 7160 snapman - ok
21:05:39.0791 7160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:05:39.0791 7160 SNMPTRAP - ok
21:05:39.0806 7160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:05:39.0806 7160 spldr - ok
21:05:39.0876 7160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:05:39.0896 7160 Spooler - ok
21:05:40.0011 7160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:05:40.0116 7160 sppsvc - ok
21:05:40.0136 7160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:05:40.0141 7160 sppuinotify - ok
21:05:40.0181 7160 sptd - ok
21:05:40.0226 7160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:05:40.0231 7160 srv - ok
21:05:40.0256 7160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:05:40.0261 7160 srv2 - ok
21:05:40.0276 7160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:05:40.0281 7160 srvnet - ok
21:05:40.0351 7160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:05:40.0356 7160 SSDPSRV - ok
21:05:40.0371 7160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:05:40.0371 7160 SstpSvc - ok
21:05:40.0561 7160 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
21:05:40.0566 7160 STacSV - ok
21:05:40.0701 7160 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
21:05:40.0711 7160 StarWindServiceAE - ok
21:05:40.0786 7160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:05:40.0786 7160 stexstor - ok
21:05:40.0856 7160 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
21:05:40.0866 7160 STHDA - ok
21:05:40.0921 7160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:05:40.0946 7160 stisvc - ok
21:05:41.0011 7160 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:05:41.0011 7160 storflt - ok
21:05:41.0066 7160 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:05:41.0071 7160 StorSvc - ok
21:05:41.0136 7160 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:05:41.0136 7160 storvsc - ok
21:05:41.0221 7160 [ 3B75C6F37B35F911B094D86C80BE5724 ] Stuffit Archive Name Service C:\Program Files (x86)\Smith Micro\StuffIt 2009\ArcNameService.exe
21:05:41.0226 7160 Stuffit Archive Name Service - ok
21:05:41.0281 7160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:05:41.0281 7160 swenum - ok
21:05:41.0446 7160 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:05:41.0466 7160 SwitchBoard - ok
21:05:41.0526 7160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:05:41.0551 7160 swprv - ok
21:05:41.0621 7160 [ 3A706A967295E16511E40842B1A2761D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:05:41.0626 7160 SynTP - ok
21:05:41.0691 7160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:05:41.0746 7160 SysMain - ok
21:05:41.0786 7160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:05:41.0791 7160 TabletInputService - ok
21:05:41.0826 7160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:05:41.0836 7160 TapiSrv - ok
21:05:41.0896 7160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:05:41.0901 7160 TBS - ok
21:05:42.0011 7160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:05:42.0071 7160 Tcpip - ok
21:05:42.0161 7160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:05:42.0176 7160 TCPIP6 - ok
21:05:42.0211 7160 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:05:42.0211 7160 tcpipreg - ok
21:05:42.0271 7160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:05:42.0271 7160 TDPIPE - ok
21:05:42.0306 7160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:05:42.0306 7160 TDTCP - ok
21:05:42.0356 7160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:05:42.0356 7160 tdx - ok
21:05:42.0416 7160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:05:42.0416 7160 TermDD - ok
21:05:42.0466 7160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:05:42.0501 7160 TermService - ok
21:05:42.0576 7160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:05:42.0581 7160 Themes - ok
21:05:42.0641 7160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:05:42.0646 7160 THREADORDER - ok
21:05:42.0701 7160 [ FE95379561B6554611F47E29F48EE931 ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
21:05:42.0706 7160 tifsfilter - ok
21:05:42.0731 7160 [ 2D0DC8F1578CF9C1434FD41DE46FA00A ] timounter C:\Windows\system32\DRIVERS\timntr.sys
21:05:42.0751 7160 timounter - ok
21:05:42.0766 7160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:05:42.0776 7160 TrkWks - ok
21:05:42.0851 7160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:05:42.0851 7160 TrustedInstaller - ok
21:05:42.0891 7160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:42.0896 7160 tssecsrv - ok
21:05:42.0961 7160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:05:42.0961 7160 TsUsbFlt - ok
21:05:43.0026 7160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:05:43.0031 7160 tunnel - ok
21:05:43.0081 7160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:05:43.0081 7160 uagp35 - ok
21:05:43.0111 7160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:05:43.0116 7160 udfs - ok
21:05:43.0171 7160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:05:43.0176 7160 UI0Detect - ok
21:05:43.0226 7160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:05:43.0226 7160 uliagpkx - ok
21:05:43.0286 7160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:05:43.0286 7160 umbus - ok
21:05:43.0311 7160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:05:43.0311 7160 UmPass - ok
21:05:43.0341 7160 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:05:43.0351 7160 UmRdpService - ok
21:05:43.0411 7160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:05:43.0421 7160 upnphost - ok
21:05:43.0446 7160 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:05:43.0451 7160 USBAAPL64 - ok
21:05:43.0511 7160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:05:43.0516 7160 usbccgp - ok
21:05:43.0566 7160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:05:43.0571 7160 usbcir - ok
21:05:43.0591 7160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:05:43.0596 7160 usbehci - ok
21:05:43.0651 7160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:05:43.0656 7160 usbhub - ok
21:05:43.0686 7160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:05:43.0691 7160 usbohci - ok
21:05:43.0751 7160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:05:43.0756 7160 usbprint - ok
21:05:43.0816 7160 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:05:43.0816 7160 usbscan - ok
21:05:43.0836 7160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:43.0836 7160 USBSTOR - ok
21:05:43.0901 7160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:05:43.0901 7160 usbuhci - ok
21:05:43.0966 7160 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:05:43.0966 7160 usbvideo - ok
21:05:44.0021 7160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:05:44.0021 7160 UxSms - ok
21:05:44.0036 7160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:05:44.0036 7160 VaultSvc - ok
21:05:44.0081 7160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:05:44.0081 7160 vdrvroot - ok
21:05:44.0116 7160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:05:44.0131 7160 vds - ok
21:05:44.0176 7160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:05:44.0176 7160 vga - ok
21:05:44.0196 7160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:05:44.0196 7160 VgaSave - ok
21:05:44.0211 7160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:05:44.0216 7160 vhdmp - ok
21:05:44.0261 7160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:05:44.0261 7160 viaide - ok
21:05:44.0306 7160 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:05:44.0311 7160 vmbus - ok
21:05:44.0331 7160 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:05:44.0331 7160 VMBusHID - ok
21:05:44.0356 7160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:05:44.0361 7160 volmgr - ok
21:05:44.0391 7160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:05:44.0396 7160 volmgrx - ok
21:05:44.0451 7160 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:05:44.0456 7160 volsnap - ok
21:05:44.0511 7160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:05:44.0516 7160 vsmraid - ok
21:05:44.0586 7160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:05:44.0666 7160 VSS - ok
21:05:44.0681 7160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:05:44.0686 7160 vwifibus - ok
21:05:44.0731 7160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:05:44.0736 7160 vwififlt - ok
21:05:44.0796 7160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:05:44.0816 7160 W32Time - ok
21:05:44.0846 7160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:05:44.0846 7160 WacomPen - ok
21:05:44.0901 7160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:05:44.0906 7160 WANARP - ok
21:05:44.0926 7160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:05:44.0931 7160 Wanarpv6 - ok
21:05:45.0016 7160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:05:45.0051 7160 WatAdminSvc - ok
21:05:45.0121 7160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:05:45.0161 7160 wbengine - ok
21:05:45.0186 7160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:05:45.0191 7160 WbioSrvc - ok
21:05:45.0221 7160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:05:45.0231 7160 wcncsvc - ok
21:05:45.0241 7160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:05:45.0241 7160 WcsPlugInService - ok
21:05:45.0291 7160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:05:45.0296 7160 Wd - ok
21:05:45.0336 7160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:05:45.0356 7160 Wdf01000 - ok
21:05:45.0376 7160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:05:45.0381 7160 WdiServiceHost - ok
21:05:45.0396 7160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:05:45.0396 7160 WdiSystemHost - ok
21:05:45.0436 7160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:05:45.0446 7160 WebClient - ok
21:05:45.0476 7160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:05:45.0481 7160 Wecsvc - ok
21:05:45.0506 7160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:05:45.0506 7160 wercplsupport - ok
21:05:45.0565 7160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:05:45.0569 7160 WerSvc - ok
21:05:45.0620 7160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:05:45.0621 7160 WfpLwf - ok
21:05:45.0651 7160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:05:45.0652 7160 WIMMount - ok
21:05:45.0682 7160 WinDefend - ok
21:05:45.0703 7160 WinHttpAutoProxySvc - ok
21:05:45.0801 7160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:05:45.0805 7160 Winmgmt - ok
21:05:45.0885 7160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:05:45.0946 7160 WinRM - ok
21:05:46.0026 7160 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:05:46.0026 7160 WinUsb - ok
21:05:46.0101 7160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:05:46.0131 7160 Wlansvc - ok
21:05:46.0366 7160 [ A8E1DC28DC49C0C0AD59969B87049602 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:05:46.0456 7160 wlidsvc - ok
21:05:46.0531 7160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:05:46.0531 7160 WmiAcpi - ok
21:05:46.0606 7160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:05:46.0611 7160 wmiApSrv - ok
21:05:46.0661 7160 WMPNetworkSvc - ok
21:05:46.0716 7160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:05:46.0721 7160 WPCSvc - ok
21:05:46.0751 7160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:05:46.0761 7160 WPDBusEnum - ok
21:05:46.0816 7160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:05:46.0816 7160 ws2ifsl - ok
21:05:46.0841 7160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:05:46.0846 7160 wscsvc - ok
21:05:46.0901 7160 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:05:46.0906 7160 WSDPrintDevice - ok
21:05:46.0911 7160 WSearch - ok
21:05:47.0027 7160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:05:47.0137 7160 wuauserv - ok
21:05:47.0192 7160 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:05:47.0192 7160 WudfPf - ok
21:05:47.0217 7160 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:05:47.0222 7160 WUDFRd - ok
21:05:47.0247 7160 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:05:47.0252 7160 wudfsvc - ok
21:05:47.0307 7160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:05:47.0317 7160 WwanSvc - ok
21:05:47.0347 7160 ================ Scan global ===============================
21:05:47.0382 7160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:05:47.0412 7160 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:05:47.0432 7160 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:05:47.0492 7160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:05:47.0542 7160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:05:47.0547 7160 [Global] - ok
21:05:47.0552 7160 ================ Scan MBR ==================================
21:05:47.0562 7160 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
21:05:47.0882 7160 \Device\Harddisk0\DR0 - ok
21:05:47.0922 7160 [ F072E590493BA78B0EB9086940709A88 ] \Device\Harddisk2\DR2
21:05:47.0992 7160 \Device\Harddisk2\DR2 ( Rootkit.Boot.Wistler.a ) - infected
21:05:47.0992 7160 \Device\Harddisk2\DR2 - detected Rootkit.Boot.Wistler.a (0)
21:05:47.0992 7160 ================ Scan VBR ==================================
21:05:47.0997 7160 [ 2C140E6075C154E73C14814CAB7C5CE7 ] \Device\Harddisk0\DR0\Partition1
21:05:47.0997 7160 \Device\Harddisk0\DR0\Partition1 - ok
21:05:48.0012 7160 [ 15E05C0A36B74088DB7B8AC3186075E1 ] \Device\Harddisk0\DR0\Partition2
21:05:48.0017 7160 \Device\Harddisk0\DR0\Partition2 - ok
21:05:48.0027 7160 [ C7FCDFA175E7FA9485D3021EFFBA5F7E ] \Device\Harddisk0\DR0\Partition3
21:05:48.0027 7160 \Device\Harddisk0\DR0\Partition3 - ok
21:05:48.0042 7160 [ 0C9A0F2F16E69D094A7199E82643DBDC ] \Device\Harddisk2\DR2\Partition1
21:05:48.0062 7160 \Device\Harddisk2\DR2\Partition1 - ok
21:05:48.0077 7160 [ 1E4FB1AFB0937CF3BA41A40E6B9B2004 ] \Device\Harddisk2\DR2\Partition2
21:05:48.0082 7160 \Device\Harddisk2\DR2\Partition2 - ok
21:05:48.0082 7160 ============================================================
21:05:48.0082 7160 Scan finished
21:05:48.0082 7160 ============================================================
21:05:48.0092 4580 Detected object count: 1
21:05:48.0092 4580 Actual detected object count: 1
21:06:25.0145 4580 \Device\Harddisk2\DR2\# - copied to quarantine
21:06:25.0145 4580 \Device\Harddisk2\DR2 - copied to quarantine
21:06:26.0575 4580 \Device\Harddisk2\DR2 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
21:06:26.0635 4580 \Device\Harddisk2\DR2 - ok
21:06:26.0635 4580 \Device\Harddisk2\DR2 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
21:06:41.0291 7040 Deinitialize success
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Raymond.


#14 Raymond M.

Posted 04 October 2012 - 08:50 PM

Gringo,

Here is the second TDSSKiller log report created after my computer rebooted:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

21:30:58.0701 4584 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:31:00.0729 4584 ============================================================
21:31:00.0729 4584 Current date / time: 2012/10/04 21:31:00.0729
21:31:00.0729 4584 SystemInfo:
21:31:00.0729 4584
21:31:00.0729 4584 OS Version: 6.1.7601 ServicePack: 1.0
21:31:00.0729 4584 Product type: Workstation
21:31:00.0729 4584 ComputerName: RAYMOND-PC
21:31:00.0729 4584 UserName: Raymond
21:31:00.0729 4584 Windows directory: C:\Windows
21:31:00.0729 4584 System windows directory: C:\Windows
21:31:00.0729 4584 Running under WOW64
21:31:00.0729 4584 Processor architecture: Intel x64
21:31:00.0729 4584 Number of processors: 2
21:31:00.0729 4584 Page size: 0x1000
21:31:00.0729 4584 Boot type: Normal boot
21:31:00.0729 4584 ============================================================
21:31:03.0147 4584 BG loaded
21:31:03.0802 4584 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:31:03.0818 4584 Drive \Device\Harddisk2\DR2 - Size: 0x2E93C30000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
21:31:03.0849 4584 ============================================================
21:31:03.0849 4584 \Device\Harddisk0\DR0:
21:31:03.0849 4584 MBR partitions:
21:31:03.0849 4584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x227EF7C0
21:31:03.0849 4584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x227EF800, BlocksNum 0x13FF800
21:31:03.0849 4584 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23BEF800, BlocksNum 0x183D800
21:31:03.0849 4584 \Device\Harddisk2\DR2:
21:31:03.0849 4584 MBR partitions:
21:31:03.0865 4584 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x162EBCBF
21:31:03.0865 4584 \Device\Harddisk2\DR2\Partition2: MBR, Type 0xC, StartLBA 0x162EFBBF, BlocksNum 0x11AE202
21:31:03.0865 4584 ============================================================
21:31:03.0880 4584 C: <-> \Device\Harddisk0\DR0\Partition1
21:31:04.0068 4584 D: <-> \Device\Harddisk0\DR0\Partition3
21:31:04.0177 4584 F: <-> \Device\Harddisk0\DR0\Partition2
21:31:04.0224 4584 J: <-> \Device\Harddisk2\DR2\Partition1
21:31:04.0239 4584 K: <-> \Device\Harddisk2\DR2\Partition2
21:31:04.0239 4584 ============================================================
21:31:04.0239 4584 Initialize success
21:31:04.0239 4584 ============================================================
21:31:10.0855 0848 ============================================================
21:31:10.0855 0848 Scan started
21:31:10.0855 0848 Mode: Manual;
21:31:10.0855 0848 ============================================================
21:31:21.0525 0848 ================ Scan system memory ========================
21:31:21.0525 0848 System memory - ok
21:31:21.0525 0848 ================ Scan services =============================
21:33:09.0544 0848 clr_optimization_v2.0.50727_64 - ok
21:33:10.0627 0848 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:12.0764 0848 clr_optimization_v4.0.30319_32 - ok
21:33:13.0265 0848 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:33:13.0997 0848 clr_optimization_v4.0.30319_64 - ok
21:33:14.0612 0848 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:33:14.0612 0848 CmBatt - ok
21:33:14.0897 0848 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:33:14.0897 0848 cmdide - ok
21:33:15.0442 0848 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:33:15.0452 0848 CNG - ok
21:33:17.0183 0848 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:33:17.0188 0848 Com4QLBEx - ok
21:33:17.0613 0848 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:33:17.0613 0848 Compbatt - ok
21:33:18.0293 0848 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:33:18.0293 0848 CompositeBus - ok
21:33:18.0674 0848 COMSysApp - ok
21:33:19.0009 0848 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:33:19.0009 0848 crcdisk - ok
21:33:19.0979 0848 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:33:19.0981 0848 CryptSvc - ok
21:33:20.0331 0848 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:33:20.0334 0848 CSC - ok
21:33:20.0706 0848 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:33:20.0711 0848 CscService - ok
21:33:21.0221 0848 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:33:21.0792 0848 dc3d - ok
21:33:22.0153 0848 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:33:22.0158 0848 DcomLaunch - ok
21:33:23.0066 0848 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:33:23.0071 0848 defragsvc - ok
21:33:23.0246 0848 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:33:23.0251 0848 DfsC - ok
21:33:23.0617 0848 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:33:23.0622 0848 Dhcp - ok
21:33:23.0937 0848 [ 79B9D7643C9E3AD10B89DF8EF0A9D2FE ] DigiartyVirtualCDBus C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys
21:33:23.0962 0848 DigiartyVirtualCDBus - ok
21:33:24.0252 0848 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:33:24.0257 0848 discache - ok
21:33:24.0582 0848 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:33:24.0582 0848 Disk - ok
21:33:24.0807 0848 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:33:24.0812 0848 Dnscache - ok
21:33:25.0592 0848 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:33:25.0597 0848 dot3svc - ok
21:33:26.0142 0848 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:33:26.0167 0848 Dot4 - ok
21:33:26.0827 0848 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
21:33:27.0197 0848 Dot4Print - ok
21:33:27.0217 0848 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:33:27.0222 0848 dot4usb - ok
21:33:27.0902 0848 [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
21:33:27.0907 0848 DpHost - ok
21:33:27.0962 0848 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:33:27.0967 0848 DPS - ok
21:33:28.0562 0848 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:33:29.0172 0848 drmkaud - ok
21:33:29.0512 0848 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:33:29.0522 0848 DXGKrnl - ok
21:33:29.0787 0848 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:33:29.0792 0848 EapHost - ok
21:33:33.0608 0848 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:33:33.0753 0848 ebdrv - ok
21:33:34.0568 0848 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:33:34.0568 0848 EFS - ok
21:33:35.0507 0848 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:33:35.0519 0848 ehRecvr - ok
21:33:36.0096 0848 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:33:36.0099 0848 ehSched - ok
21:33:37.0472 0848 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:33:37.0617 0848 elxstor - ok
21:33:37.0872 0848 [ F218A3A27ED6592C0E22EC3595554447 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
21:33:37.0873 0848 enecir - ok
21:33:38.0686 0848 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:33:38.0688 0848 ErrDev - ok
21:33:41.0468 0848 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:33:41.0474 0848 EventSystem - ok
21:33:41.0701 0848 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:33:41.0796 0848 exfat - ok
21:33:41.0891 0848 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:33:41.0891 0848 fastfat - ok
21:33:42.0239 0848 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:33:42.0247 0848 Fax - ok
21:33:42.0298 0848 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:33:42.0299 0848 fdc - ok
21:33:42.0497 0848 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:33:42.0497 0848 fdPHost - ok
21:33:42.0547 0848 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:33:42.0552 0848 FDResPub - ok
21:33:42.0773 0848 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:33:42.0778 0848 FileInfo - ok
21:33:43.0063 0848 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:33:43.0063 0848 Filetrace - ok
21:33:43.0098 0848 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:33:43.0098 0848 flpydisk - ok
21:33:43.0388 0848 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:33:43.0393 0848 FltMgr - ok
21:33:43.0558 0848 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:33:43.0568 0848 FontCache - ok
21:33:43.0893 0848 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:33:43.0893 0848 FontCache3.0.0.0 - ok
21:33:44.0113 0848 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:33:44.0113 0848 FsDepends - ok
21:33:44.0308 0848 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:33:44.0313 0848 Fs_Rec - ok
21:33:44.0783 0848 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:33:44.0788 0848 fvevol - ok
21:33:45.0301 0848 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:33:45.0303 0848 gagp30kx - ok
21:33:45.0409 0848 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:33:45.0442 0848 gpsvc - ok
21:33:45.0704 0848 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:33:45.0706 0848 gupdate - ok
21:33:45.0761 0848 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:33:45.0763 0848 gupdatem - ok
21:33:45.0834 0848 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:33:45.0856 0848 hcw85cir - ok
21:33:46.0438 0848 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:33:46.0443 0848 HdAudAddService - ok
21:33:46.0872 0848 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:33:46.0874 0848 HDAudBus - ok
21:33:47.0121 0848 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:33:47.0123 0848 HidBatt - ok
21:33:47.0418 0848 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:33:47.0420 0848 HidBth - ok
21:33:47.0708 0848 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:33:47.0709 0848 HidIr - ok
21:33:48.0035 0848 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:33:48.0037 0848 hidserv - ok
21:33:48.0396 0848 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:33:48.0396 0848 HidUsb - ok
21:33:48.0746 0848 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:33:48.0746 0848 hkmsvc - ok
21:33:48.0906 0848 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:33:48.0911 0848 HomeGroupListener - ok
21:33:48.0986 0848 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:33:48.0991 0848 HomeGroupProvider - ok
21:33:49.0216 0848 [ 71297BD56776F90866423D14B963A5C8 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
21:33:49.0221 0848 hotcore3 - ok
21:33:49.0621 0848 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:33:49.0621 0848 HP Support Assistant Service - ok
21:33:49.0871 0848 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:33:49.0871 0848 HPDrvMntSvc.exe - ok
21:33:50.0286 0848 [ CCBE758967CC0F53F5BA3B271653C4E6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
21:33:50.0286 0848 hpdskflt - ok
21:33:50.0781 0848 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:33:51.0016 0848 hpqcxs08 - ok
21:33:51.0291 0848 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:33:51.0296 0848 HpqKbFiltr - ok
21:33:51.0691 0848 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:33:51.0701 0848 hpqwmiex - ok
21:33:52.0556 0848 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:33:52.0811 0848 HpSAMD - ok
21:33:53.0101 0848 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:33:53.0136 0848 HPSLPSVC - ok
21:33:53.0766 0848 [ E2223A37896A76861D7F79FD81A2A193 ] hpsrv C:\Windows\system32\Hpservice.exe
21:33:53.0771 0848 hpsrv - ok
21:33:54.0126 0848 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:33:54.0131 0848 HTTP - ok
21:33:54.0181 0848 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:33:54.0181 0848 hwpolicy - ok
21:33:54.0631 0848 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:33:54.0631 0848 i8042prt - ok
21:33:55.0021 0848 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:33:55.0041 0848 iaStorV - ok
21:33:55.0251 0848 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:33:55.0296 0848 idsvc - ok
21:33:55.0786 0848 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:33:55.0851 0848 igfx - ok
21:33:55.0961 0848 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:33:56.0321 0848 iirsp - ok
21:33:56.0631 0848 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:33:56.0641 0848 IKEEXT - ok
21:33:56.0881 0848 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:33:57.0416 0848 intelide - ok
21:33:57.0626 0848 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:33:57.0626 0848 intelppm - ok
21:33:57.0826 0848 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:33:57.0826 0848 IPBusEnum - ok
21:33:57.0881 0848 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:33:57.0881 0848 IpFilterDriver - ok
21:33:58.0121 0848 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:33:58.0126 0848 iphlpsvc - ok
21:33:58.0295 0848 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:33:58.0297 0848 IPMIDRV - ok
21:33:58.0611 0848 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:33:59.0086 0848 IPNAT - ok
21:33:59.0472 0848 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:33:59.0482 0848 iPod Service - ok
21:33:59.0731 0848 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:33:59.0733 0848 IRENUM - ok
21:33:59.0938 0848 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:33:59.0939 0848 isapnp - ok
21:34:00.0176 0848 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:34:00.0504 0848 iScsiPrt - ok
21:34:00.0620 0848 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:34:00.0622 0848 kbdclass - ok
21:34:00.0864 0848 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:34:00.0865 0848 kbdhid - ok
21:34:00.0875 0848 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:34:00.0877 0848 KeyIso - ok
21:34:01.0076 0848 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:34:01.0253 0848 KSecDD - ok
21:34:01.0423 0848 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:34:01.0603 0848 KSecPkg - ok
21:34:01.0848 0848 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:34:01.0848 0848 ksthunk - ok
21:34:01.0968 0848 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:34:01.0973 0848 KtmRm - ok
21:34:02.0283 0848 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:34:02.0288 0848 LanmanServer - ok
21:34:02.0546 0848 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:34:02.0548 0848 LanmanWorkstation - ok
21:34:02.0794 0848 [ D4817C708EFED5AE6F46EC36B77E51A7 ] lfsfilt C:\Windows\system32\DRIVERS\lfsfilt.sys
21:34:02.0800 0848 lfsfilt - ok
21:34:03.0237 0848 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:34:03.0295 0848 LightScribeService - ok
21:34:03.0565 0848 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:34:03.0566 0848 lltdio - ok
21:34:03.0760 0848 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:34:03.0768 0848 lltdsvc - ok
21:34:03.0929 0848 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:34:03.0931 0848 lmhosts - ok
21:34:04.0082 0848 [ E51CFC637080BB59BA1CDC168B657930 ] lpx C:\Windows\system32\DRIVERS\lpx6x.sys
21:34:04.0086 0848 lpx - ok
21:34:04.0683 0848 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:34:04.0880 0848 LSI_FC - ok
21:34:05.0205 0848 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:34:05.0210 0848 LSI_SAS - ok
21:34:05.0425 0848 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:34:05.0517 0848 LSI_SAS2 - ok
21:34:05.0808 0848 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:34:05.0810 0848 LSI_SCSI - ok
21:34:07.0052 0848 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:34:07.0053 0848 luafv - ok
21:34:07.0387 0848 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:34:07.0387 0848 Mcx2Svc - ok
21:34:08.0098 0848 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:34:08.0100 0848 MDM - ok
21:34:08.0130 0848 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:34:08.0131 0848 megasas - ok
21:34:08.0300 0848 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:34:08.0306 0848 MegaSR - ok
21:34:08.0687 0848 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:34:09.0439 0848 MMCSS - ok
21:34:09.0495 0848 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:34:09.0496 0848 Modem - ok
21:34:09.0708 0848 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:34:09.0708 0848 monitor - ok
21:34:10.0012 0848 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:34:10.0017 0848 mouclass - ok
21:34:10.0277 0848 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:34:10.0277 0848 mouhid - ok
21:34:10.0778 0848 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:34:10.0783 0848 mountmgr - ok
21:34:11.0043 0848 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:34:11.0048 0848 MpFilter - ok
21:34:11.0298 0848 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:34:11.0303 0848 mpio - ok
21:34:11.0578 0848 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:34:11.0578 0848 mpsdrv - ok
21:34:11.0658 0848 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:34:11.0668 0848 MpsSvc - ok
21:34:11.0713 0848 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:34:11.0718 0848 MRxDAV - ok
21:34:11.0753 0848 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:34:11.0753 0848 mrxsmb - ok
21:34:11.0778 0848 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:34:11.0783 0848 mrxsmb10 - ok
21:34:11.0803 0848 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:34:11.0803 0848 mrxsmb20 - ok
21:34:11.0953 0848 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:34:11.0953 0848 msahci - ok
21:34:12.0048 0848 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:34:12.0053 0848 msdsm - ok
21:34:12.0128 0848 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:34:12.0128 0848 MSDTC - ok
21:34:12.0548 0848 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:34:12.0553 0848 Msfs - ok
21:34:12.0719 0848 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:34:12.0721 0848 mshidkmdf - ok
21:34:13.0008 0848 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:34:13.0010 0848 msisadrv - ok
21:34:13.0813 0848 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:34:14.0023 0848 MSiSCSI - ok
21:34:14.0038 0848 msiserver - ok
21:34:14.0333 0848 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:34:14.0338 0848 MSKSSRV - ok
21:34:14.0768 0848 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:34:14.0768 0848 MsMpSvc - ok
21:34:14.0968 0848 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:34:14.0973 0848 MSPCLOCK - ok
21:34:15.0073 0848 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:34:15.0073 0848 MSPQM - ok
21:34:15.0153 0848 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:34:15.0163 0848 MsRPC - ok
21:34:15.0403 0848 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:34:15.0403 0848 mssmbios - ok
21:34:15.0778 0848 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:34:15.0778 0848 MSTEE - ok
21:34:15.0883 0848 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:34:15.0883 0848 MTConfig - ok
21:34:15.0938 0848 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:34:15.0938 0848 Mup - ok
21:34:16.0708 0848 mysql - ok
21:34:16.0753 0848 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:34:16.0763 0848 napagent - ok
21:34:16.0953 0848 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:34:16.0958 0848 NativeWifiP - ok
21:34:17.0263 0848 [ 277133AAF997474CA218F686B17B997C ] ndasbus C:\Windows\system32\DRIVERS\ndasbus.sys
21:34:17.0268 0848 ndasbus - ok
21:34:17.0423 0848 [ 742F32034AF7AAFCCB6EF1FEA194FCEF ] ndasfat C:\Windows\system32\DRIVERS\ndasfat.sys
21:34:17.0433 0848 ndasfat - ok
21:34:18.0334 0848 [ 2B2678EE7F15B0F9DBBDF32C6EADC30A ] ndasfs C:\Windows\system32\DRIVERS\ndasfs.sys
21:34:18.0344 0848 ndasfs - ok
21:34:18.0634 0848 [ A485A1764C4F92961E548C19C25EBB84 ] ndasrofs C:\Windows\system32\DRIVERS\ndasrofs.sys
21:34:18.0644 0848 ndasrofs - ok
21:34:18.0819 0848 [ EBED72803B6959EED610513C4DBDB2DB ] ndasscsi C:\Windows\system32\DRIVERS\ndasscsi.sys
21:34:18.0824 0848 ndasscsi - ok
21:34:19.0484 0848 [ 4B5A4CAED7A3FEDBE1BA57707D8C7F74 ] ndassvc C:\Program Files\NDAS\System\ndassvc.exe
21:34:19.0484 0848 ndassvc - ok
21:34:19.0829 0848 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:34:19.0864 0848 NDIS - ok
21:34:20.0019 0848 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:34:20.0019 0848 NdisCap - ok
21:34:20.0214 0848 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:34:20.0214 0848 NdisTapi - ok
21:34:20.0409 0848 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:34:20.0409 0848 Ndisuio - ok
21:34:20.0469 0848 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:34:20.0474 0848 NdisWan - ok
21:34:20.0499 0848 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:34:20.0499 0848 NDProxy - ok
21:34:20.0999 0848 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:34:21.0009 0848 Nero BackItUp Scheduler 4.0 - ok
21:34:21.0184 0848 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:34:21.0184 0848 Net Driver HPZ12 - ok
21:34:21.0429 0848 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:34:21.0434 0848 NetBIOS - ok
21:34:21.0474 0848 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:34:21.0479 0848 NetBT - ok
21:34:21.0509 0848 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:34:21.0509 0848 Netlogon - ok
21:34:22.0359 0848 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:34:22.0364 0848 Netman - ok
21:34:22.0754 0848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:34:23.0044 0848 NetMsmqActivator - ok
21:34:23.0234 0848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:34:23.0234 0848 NetPipeActivator - ok
21:34:23.0825 0848 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:34:23.0829 0848 netprofm - ok
21:34:25.0499 0848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:34:25.0499 0848 NetTcpActivator - ok
21:34:25.0514 0848 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:34:25.0514 0848 NetTcpPortSharing - ok
21:34:25.0804 0848 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:34:25.0809 0848 nfrd960 - ok
21:34:26.0216 0848 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:34:26.0218 0848 NisDrv - ok
21:34:27.0272 0848 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:34:27.0327 0848 NisSrv - ok
21:34:27.0535 0848 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:34:27.0539 0848 NlaSvc - ok
21:34:27.0795 0848 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:34:27.0796 0848 Npfs - ok
21:34:28.0055 0848 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:34:28.0057 0848 nsi - ok
21:34:28.0126 0848 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:34:28.0127 0848 nsiproxy - ok
21:34:28.0295 0848 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:34:28.0353 0848 Ntfs - ok
21:34:28.0477 0848 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:34:28.0477 0848 Null - ok
21:34:28.0592 0848 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:34:28.0597 0848 nvraid - ok
21:34:28.0617 0848 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:34:28.0617 0848 nvstor - ok
21:34:28.0737 0848 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:34:28.0737 0848 nv_agp - ok
21:34:29.0049 0848 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:34:29.0057 0848 odserv - ok
21:34:29.0308 0848 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:34:29.0310 0848 ohci1394 - ok
21:34:29.0600 0848 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:34:29.0603 0848 ose - ok
21:34:29.0823 0848 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:34:29.0829 0848 p2pimsvc - ok
21:34:29.0978 0848 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:34:29.0986 0848 p2psvc - ok
21:34:30.0184 0848 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:34:30.0187 0848 Parport - ok
21:34:30.0459 0848 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:34:30.0461 0848 partmgr - ok
21:34:30.0998 0848 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:34:31.0001 0848 PcaSvc - ok
21:34:31.0019 0848 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:34:31.0022 0848 pci - ok
21:34:31.0301 0848 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:34:31.0502 0848 pciide - ok
21:34:31.0644 0848 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:34:31.0648 0848 pcmcia - ok
21:34:31.0690 0848 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:34:31.0693 0848 pcw - ok
21:34:32.0439 0848 [ 6674663315CBD028E4E762A717820A88 ] PDFProFiltSrv C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
21:34:32.0444 0848 PDFProFiltSrv - ok
21:35:12.0490 0848 ============================================================
21:35:12.0490 0848 Scan finished
21:35:12.0490 0848 ============================================================
21:35:12.0546 5068 Detected object count: 0
21:35:12.0546 5068 Actual detected object count: 0
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Raymond.


#15 gringo_pr

  • Malware Response Team

Posted 04 October 2012 - 09:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



