Startup repair loop, can not boot from recovery files


  • This topic is locked
29 replies to this topic

#1 RKollas

Posted 10 October 2012 - 01:47 AM

Here's a fun one for you: I recently picked up a Google redirect on my netbook. While trying to get to rkill or an ESET online scan, I decided to reboot the machine into safe mode with networking to see if it would make the downloading and searching process more efficient. I was using both Internet Explorer and Google Chrome in my attempts to repair the system with no luck, hence the move to safe mode. However, on reboot, the system went into system recovery mode.

Once in recovery mode, I tried the traditional startup repair; however, it finally came back saying that kdcom.dll was corrupted and could not be repaired. After some Google searching from another computer, I came to the following sites:
http://www.geekstogo.com/forum/topic/308510-kdcomdll-is-corrupted-cant-access-normal-or-safe-mode/
http://forums.techguy.org/windows-7/1024998-kdcom-dll-windows-7-corrupt.html
http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html

Following the directions on those sites, I've still had no luck being able to boot into safe mode or anything else. In the case of copying kdcom.dll, I used a copy from my working machine to copy over, keeping a copy of the original in the open directory of the troubled computer. Furthermore, I attempted to use one of my Windows 7 upgrade disks; however, I could not manage to boot from those either to get to a recovery console. The computer itself has a recovery partition, but I'm unable to reach that as well. I'm out of ideas on what I can do to get this machine working. Thanks for the assistance.


#2 thisisu

  • Malware Response Team

Posted 11 October 2012 - 06:20 PM

Hello RKollas :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach or post this log to your next reply.


#3 RKollas

  • Topic Starter


Posted 11 October 2012 - 11:40 PM

OK, here is the Farbar log, inline and attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 11-10-2012 23:36:29
Running from H:\repair
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9398888 2010-10-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-10-31] (Synaptics Incorporated)
HKLM\...\Run: [SmartWiHelper] "C:\Program Files\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM\...\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [233472 2008-03-14] (PowerISO Computing, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [136512 2009-08-25] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124224 2010-10-22] (McAfee, Inc.)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [x]
HKLM\...\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [x]
HKLM\...\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\" [155648 2010-01-26] (Silanis Technology Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047656 2011-07-06] (Malwarebytes Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-07-12] (RealNetworks, Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [NWTRAY] NWTRAY.EXE [x]
HKU\Robert\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Robert\...\Run: [Facebook Update] "C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Robert\...\Run: [AMD] rundll32.exe "C:\Users\Robert\AppData\Local\ArcSoft\AMD\hmufisxl.dll",DllRegisterServerW [361984 2012-10-02] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Robert\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [284160 2011-01-06] (Advanced Micro Devices, Inc.)
2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [140224 2010-06-17] (Advanced Micro Devices)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [366640 2011-07-06] (Malwarebytes Corporation)
2 McAfeeEngineService; "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" [22816 2010-10-22] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
2 McShield; "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe" [147984 2010-10-22] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-10-22] (McAfee, Inc.)
2 mfevtp; C:\Windows\system32\mfevtps.exe [69192 2010-10-22] (McAfee, Inc.)
2 Oasis2Service; "C:\Program Files\DDNi\Oasis2Service\Oasis2Service.exe" [53248 2012-02-09] (Digital Delivery Networks, Inc.)
2 RosettaStoneLtdController; "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" [352312 2008-09-16] (Rosetta Stone Ltd.)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [189048 2011-01-29] (Sony Corporation)
3 SOHCImp; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [108400 2010-09-10] (Sony Corporation)
3 SOHDms; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe" [423280 2010-10-12] (Sony Corporation)
3 SOHDs; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67952 2010-09-10] (Sony Corporation)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe" [222464 2010-09-27] (Sony Corporation)
2 stdiscover; "C:\Program Files\Sun\servicetag\stdiscoverer.exe" [71680 2008-01-25] ()
2 stlisten; "C:\Program Files\Sun\servicetag\stlisten.exe" [80384 2008-01-25] ()
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [864000 2010-09-27] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [549168 2010-10-25] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [387896 2010-10-25] (Sony Corporation)
3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [44736 2011-02-14] (Sony Corporation)
2 vpnagent; "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [537592 2012-08-03] (Cisco Systems, Inc.)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [939624 2012-01-13] (Sony Corporation)
2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [16984 2011-05-04] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [63616 2010-11-05] (Advanced Micro Devices)
0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [32384 2010-11-05] (Advanced Micro Devices)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2010-12-03] (ATI Technologies, Inc.)
3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-10-31] (Broadcom Corporation.)
3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [76024 2010-10-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91896 2010-10-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43192 2010-10-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [344712 2010-10-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [66536 2010-10-22] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [64208 2010-10-22] (McAfee, Inc.)
3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [448896 2007-12-20] (DiBcom)
4 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [91224 2011-05-04] ()
2 NCFSD; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [88664 2011-05-04] ()
2 NCIOCTL; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [59992 2011-05-04] ()
4 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [110680 2011-05-04] ()
4 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [22616 2011-05-04] ()
1 NICM; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [27224 2011-05-04] (Novell, Inc.)
3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13312 2011-07-19] (June Fabrics Technology Inc.)
3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59136 2010-11-11] (SCM Microsystems Inc.)
3 catchme; \??\C:\Users\Robert\AppData\Local\Temp\catchme.sys [x]
2 IAStorDataMgrSvc; [x]
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
2 MSSQL$DDNI; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-11 23:36 - 2012-10-11 23:36 - 00000000 ____D C:\FRST
2012-10-10 01:08 - 2012-10-10 01:08 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-10-03 20:33 - 2012-10-09 08:35 - 00000000 ____D C:\Users\Robert\AppData\Local\{64B5E500-10EB-4B02-ABF1-0C223F3B70CD}
2012-09-26 13:54 - 2012-09-29 13:06 - 00000000 ____D C:\Users\Robert\AppData\Local\{5F397F37-B7EB-4A13-AAB2-8596409E0387}
2012-09-26 12:29 - 2012-09-26 12:29 - 00000000 ____D C:\Users\Robert\AppData\Local\{8D2DD6BA-1B9D-4507-8738-66AEAE67FCE7}
2012-09-26 10:51 - 2012-09-26 10:51 - 00232592 ____A C:\Windows\Minidump\092612-69498-01.dmp
2012-09-25 17:40 - 2012-08-21 12:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-24 17:31 - 2012-09-25 17:27 - 00000000 ____D C:\Users\Robert\AppData\Local\{3029FFBE-4F50-4F5A-BDF2-E69F21160BE2}
2012-09-24 10:57 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 10:57 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 10:57 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 10:57 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 10:57 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 10:57 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 10:57 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 10:57 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 10:57 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 10:57 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 10:57 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 10:57 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 10:57 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-24 10:57 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 10:57 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 10:57 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-14 09:27 - 2012-09-17 10:06 - 00000000 ____D C:\Users\Robert\AppData\Local\{DB6F4513-D3EE-40AC-AAAC-72A128BA0A2D}
2012-09-13 19:24 - 2012-09-13 19:24 - 00000000 ____D C:\Users\Robert\AppData\Local\{3A417E83-FC24-4233-9CA9-C798105256C2}
2012-09-12 07:19 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 07:19 - 2012-08-22 09:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 07:19 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 07:19 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 07:19 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 07:19 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-12 07:06 - 2012-09-12 07:06 - 00000000 ____D C:\Users\Robert\AppData\Local\{8552AA0F-92CF-4754-B7D3-DFACDF2DEFFB}
2012-09-11 11:16 - 2012-09-11 11:16 - 00000000 ____D C:\Users\Robert\AppData\Local\{777B6B19-5FA1-40E5-82AF-30D404BBD7B4}

==================== 3 Months Modified Files ==================

2012-10-05 01:50 - 2011-03-16 20:40 - 01539970 ____A C:\Windows\WindowsUpdate.log
2012-10-05 01:47 - 2012-08-23 06:18 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-05 01:15 - 2011-11-25 20:04 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3395484017-3835033656-2980198702-1001UA.job
2012-10-05 01:14 - 2012-04-06 20:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-04 19:15 - 2011-11-25 20:04 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3395484017-3835033656-2980198702-1001Core.job
2012-10-04 10:47 - 2012-08-23 06:18 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-03 20:40 - 2009-07-13 20:34 - 00014144 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-03 20:40 - 2009-07-13 20:34 - 00014144 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-03 20:39 - 2010-09-24 12:49 - 00732510 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-03 20:31 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-03 20:31 - 2009-07-13 20:39 - 00079840 ____A C:\Windows\setupact.log
2012-09-26 10:51 - 2012-09-26 10:51 - 00232592 ____A C:\Windows\Minidump\092612-69498-01.dmp
2012-09-26 10:50 - 2012-09-10 17:13 - 392510607 ____A C:\Windows\MEMORY.DMP
2012-09-25 17:33 - 2012-08-23 06:20 - 00002324 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-24 09:21 - 2012-04-06 20:46 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-24 09:21 - 2011-07-13 03:31 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-13 19:32 - 2011-06-05 20:38 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-10 17:13 - 2012-09-10 17:13 - 00313072 ____A C:\Windows\Minidump\091012-25911-01.dmp
2012-09-10 14:59 - 2012-09-10 14:54 - 00000633 ____A C:\Users\All Users\NCIDebug.log
2012-09-10 14:53 - 2012-09-10 14:52 - 22401024 ____A C:\Users\Robert\Downloads\NC211172.exe
2012-09-04 19:29 - 2011-08-09 21:35 - 00005170 ____A C:\Windows\IE9_main.log
2012-09-04 19:28 - 2012-09-04 19:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-09-04 19:28 - 2012-09-04 19:28 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-04 19:28 - 2012-09-04 19:28 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-09-04 19:28 - 2012-09-04 19:28 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-09-04 19:28 - 2012-09-04 19:28 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-09-04 19:28 - 2012-09-04 19:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-09-04 19:28 - 2012-09-04 19:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-09-04 19:28 - 2012-09-04 19:28 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-09-04 19:28 - 2012-09-04 19:28 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-04 19:28 - 2012-09-04 19:28 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-09-04 19:28 - 2012-09-04 19:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-29 14:12 - 2012-08-29 14:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
2012-08-29 12:32 - 2011-03-16 22:21 - 00312848 ____A C:\Windows\PFRO.log
2012-08-23 23:27 - 2012-09-24 10:57 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-24 10:57 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-24 10:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-24 10:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 10:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-24 10:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-24 10:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-24 10:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 10:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:47 - 2012-09-24 10:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-24 10:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:45 - 2012-09-24 10:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 10:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:44 - 2012-09-24 10:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:43 - 2012-09-24 10:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 10:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 06:39 - 2012-08-23 06:40 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-23 06:39 - 2012-08-23 06:40 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-23 06:39 - 2012-08-23 06:39 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-23 06:39 - 2012-08-23 06:39 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-23 06:39 - 2012-08-23 06:39 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-08-22 21:43 - 2011-06-05 19:29 - 00000021 ____A C:\Windows\Model.txt
2012-08-22 21:43 - 2011-06-05 19:29 - 00000000 ____A C:\Windows\Model.log
2012-08-22 09:16 - 2012-09-12 07:19 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 09:16 - 2012-09-12 07:19 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 09:16 - 2012-09-12 07:19 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 09:16 - 2012-09-12 07:19 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 12:12 - 2012-09-25 17:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-15 00:29 - 2009-07-13 20:33 - 00431528 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-03 11:52 - 2012-08-03 11:52 - 00033784 ____A (Cisco Systems, Inc.) C:\Windows\System32\vpnevents.dll
2012-08-03 11:52 - 2012-08-03 11:52 - 00010744 ____A (Cisco Systems, Inc.) C:\Windows\System32\vpncategories.dll
2012-08-03 11:38 - 2012-08-03 11:38 - 00087976 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock.sys
2012-08-03 11:38 - 2012-08-03 11:38 - 00023976 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\vpnva.sys
2012-08-03 10:53 - 2012-08-03 10:53 - 00145912 ____A (Cisco Systems, Inc.) C:\Windows\System32\vpnweb.ocx
2012-08-02 08:57 - 2012-09-12 07:19 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-18 09:47 - 2012-08-14 19:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-10 14:54:23
Restore point made on: 2012-09-10 14:54:58
Restore point made on: 2012-09-10 14:58:02
Restore point made on: 2012-09-13 19:29:39
Restore point made on: 2012-09-18 10:20:54
Restore point made on: 2012-09-24 09:30:10
Restore point made on: 2012-09-24 10:57:01
Restore point made on: 2012-09-26 00:00:43
Restore point made on: 2012-09-29 13:20:40
Restore point made on: 2012-10-05 01:51:25
Restore point made on: 2012-10-09 01:51:13

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3690.9 MB
Available physical RAM: 3210.23 MB
Total Pagefile: 3689.18 MB
Available Pagefile: 3217.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.48 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:456.66 GB) (Free:386.76 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:9.01 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:7.45 GB) (Free:2.08 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 7638 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 1024 KB
Partition 2 Primary 100 MB 9 GB
Partition 3 Primary 456 GB 9 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Recovery NTFS Partition 9 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 456 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7634 MB 4032 KB

=========================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7634 MB Healthy

=========================================================

Last Boot: 2012-10-05 21:02

==================== End Of Log ============================


#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:01 AM

Posted 11 October 2012 - 11:59 PM

  • Download ListParts to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ....
  • Type e:\listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

#5 RKollas

Posted 12 October 2012 - 12:57 AM

Here is the ListParts log file. I'm posting from another machine, as the infected machine cannot boot into normal mode; it will only boot to the recovery options.

ListParts by Farbar Version: 02-10-2012
Ran by SYSTEM (administrator) on 12-10-2012 at 00:54:44
Windows 7 (X86)
Running From: H:\repair
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 3690.9 MB
Available physical RAM: 3308.96 MB
Total Pagefile: 3689.18 MB
Available Pagefile: 3307.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.54 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:456.66 GB) (Free:386.76 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:9.01 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive h: () (Removable) (Total:7.45 GB) (Free:2.08 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 7638 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 1024 KB
Partition 2 Primary 100 MB 9 GB
Partition 3 Primary 456 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Recovery NTFS Partition 9 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 456 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7634 MB 4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7634 MB Healthy

======================================================================================================

****** End Of Log ******


#6 thisisu

Posted 12 October 2012 - 01:07 AM

Download:
Save it to the flash drive where ListParts.exe is located.


Next

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ....
  • Type e:\listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Fix button.
  • ListParts will process the script in Fix.txt
  • When finished please press the Scan button.
  • A log Result.txt will be saved to the flash drive.
  • Close the command window.
  • Now try to boot the computer normally and post the Result.txt log please.

Edited by thisisu, 12 October 2012 - 01:10 AM.


#7 RKollas

Posted 12 October 2012 - 01:14 AM

Here is the new result file. Rebooted the system and it is currently logging in under normal mode (Still sending from other computer.)

ListParts by Farbar Version: 02-10-2012
Ran by SYSTEM (administrator) on 12-10-2012 at 00:54:44
Windows 7 (X86)
Running From: H:\repair
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 3690.9 MB
Available physical RAM: 3308.96 MB
Total Pagefile: 3689.18 MB
Available Pagefile: 3307.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.54 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:456.66 GB) (Free:386.76 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:9.01 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive h: () (Removable) (Total:7.45 GB) (Free:2.08 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 7638 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 1024 KB
Partition 2 Primary 100 MB 9 GB
Partition 3 Primary 456 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Recovery NTFS Partition 9 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 456 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7634 MB 4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7634 MB Healthy

======================================================================================================

****** End Of Log ******


#8 thisisu

Posted 12 October 2012 - 01:27 AM

Hi,

It does not seem that the log was updated.
You're able to boot normally now?

If so:

Please perform the following scan (from Normal Mode):

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Edited by thisisu, 12 October 2012 - 01:28 AM.


#9 RKollas

Posted 12 October 2012 - 01:42 AM

Here is the DDS log file; let me know if you need the Attach file as well. This is being posted from the subject computer.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Robert at 1:32:37 on 2012-10-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3579.2267 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Sun\servicetag\stdiscoverer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sun\servicetag\stlisten.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "c:\users\robert\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AMD] rundll32.exe "c:\users\robert\appdata\local\arcsoft\amd\hmufisxl.dll",DllRegisterServerW
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [AprvRemoveLegacyExcelKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\excel\addins\OfficeAddIn.OfficeAddIn
mRun: [AprvRemoveLegacyWordKeys] "c:\program files\approveit\support\tools\aprvclean.exe" -k hkcu software\microsoft\office\word\addins\OfficeAddIn.OfficeAddIn
mRun: [ApproveItForOfficeSetup] "c:\program files\approveit\support\tools\approveitforofficesetup.exe " /1 /p "c:\program files\approveit\"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [NWTRAY] NWTRAY.EXE
StartupFolder: c:\users\robert\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\approv~1.lnk - c:\windows\installer\{4e01b649-0023-4eb5-9263-57de317c3418}\Icon9557F1BC1.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://secure.niu.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: Interfaces\{F8AF8E8A-1E64-4DAB-9763-73E75794FFB3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8AF8E8A-1E64-4DAB-9763-73E75794FFB3}\45865602357716D607 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F8AF8E8A-1E64-4DAB-9763-73E75794FFB3}\742716E646D616 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{F8AF8E8A-1E64-4DAB-9763-73E75794FFB3}\A457E6364796F6E6 : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{F8AF8E8A-1E64-4DAB-9763-73E75794FFB3}\E4945577962756C6563737 : DhcpNameServer = 131.156.1.11 131.156.126.2
TCP: Interfaces\{FDD542F5-8E5E-415D-BCA2-C254B251AA0B} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 ncv1_0
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-3-17 63616]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-3-17 32384]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-7 344712]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-16 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-30 6575104]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-30 229888]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-3-17 17408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-5 102416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-1 68208]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-7 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-7 43192]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-8-3 87976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-3-17 297000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-17 33320]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-4 39272]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-7 66536]
.
=============== Created Last 30 ================
.
2012-10-12 07:36:23 -------- d-----w- C:\FRST
2012-10-12 06:16:15 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9cb383b5-8502-4983-a7ba-e7c65cbb199f}\mpengine.dll
2012-10-10 02:39:41 120320 ----a-w- c:\programdata\microsoft\windows\drm\69E9.tmp
2012-10-04 04:33:20 -------- d-----w- c:\users\robert\appdata\local\{64B5E500-10EB-4B02-ABF1-0C223F3B70CD}
2012-09-26 21:54:34 -------- d-----w- c:\users\robert\appdata\local\{5F397F37-B7EB-4A13-AAB2-8596409E0387}
2012-09-26 20:29:10 -------- d-----w- c:\users\robert\appdata\local\{8D2DD6BA-1B9D-4507-8738-66AEAE67FCE7}
2012-09-26 01:40:37 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 01:31:59 -------- d-----w- c:\users\robert\appdata\local\{3029FFBE-4F50-4F5A-BDF2-E69F21160BE2}
2012-09-14 17:27:27 -------- d-----w- c:\users\robert\appdata\local\{DB6F4513-D3EE-40AC-AAAC-72A128BA0A2D}
2012-09-14 03:24:45 -------- d-----w- c:\users\robert\appdata\local\{3A417E83-FC24-4233-9CA9-C798105256C2}
2012-09-12 15:19:44 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:19:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:19:40 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:19:40 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:19:39 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:19:30 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 15:06:28 -------- d-----w- c:\users\robert\appdata\local\{8552AA0F-92CF-4754-B7D3-DFACDF2DEFFB}
.
==================== Find3M ====================
.
2012-09-24 17:21:41 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 17:21:41 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-23 14:39:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-23 14:39:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-03 19:52:59 10744 ----a-w- c:\windows\system32\vpncategories.dll
2012-08-03 19:52:54 33784 ----a-w- c:\windows\system32\vpnevents.dll
2012-08-03 19:38:55 23976 ----a-w- c:\windows\system32\drivers\vpnva.sys
2012-08-03 19:38:05 87976 ----a-r- c:\windows\system32\drivers\acsock.sys
2012-08-03 18:53:10 145912 ----a-w- c:\windows\system32\vpnweb.ocx
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:35:32.82 ===============

#10 RKollas

Posted 12 October 2012 - 01:45 AM

I should further note that, under my original attempts to repair, I had attempted a system restore, which completed after running the ListParts fix. Currently the computer is trying to restart for updates, but I have it postponed for four hours unless you tell me to go ahead and reset.

#11 thisisu

Posted 12 October 2012 - 01:49 AM

Currently the computer is trying to restart for updates, but I have it postponed for four hours unless you tell me to go ahead and reset.

You can restart it now if you'd like. Just don't shut down the computer while the updates are being applied ;)

I am going to sleep now. Do attach the ATTACH.txt file and also let me know what current problems you are experiencing.

#12 RKollas

Posted 12 October 2012 - 01:53 AM

OK, I'll go ahead and reboot the system. It's time for me to do the same here, just about 0200 local. Below is the Attach file. The system seems to be running OK, but I haven't actually done much with it yet. I just attempted a quick Google search, and it appears to be working as well, even from the address bar; however, when I was having redirect issues, it was intermittent.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/5/2011 10:00:39 PM
System Uptime: 10/12/2012 1:12:21 AM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: AMD E-350 Processor | N/A | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 386.985 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP157: 9/13/2012 10:28:58 PM - Windows Update
RP158: 9/18/2012 1:20:19 PM - Windows Update
RP159: 9/24/2012 12:29:19 PM - Windows Update
RP160: 9/24/2012 1:56:39 PM - Windows Update
RP161: 9/26/2012 3:00:18 AM - Windows Update
RP162: 9/29/2012 4:20:05 PM - Windows Update
RP163: 10/5/2012 4:50:56 AM - Windows Update
RP164: 10/9/2012 4:50:44 AM - Windows Update
RP164: 10/12/2012 1:18:11 AM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
ActivClient CAC x86
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AMD Fuel
ApproveIt Desktop
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
ClosetMaid v1.5.2
Connector for Microsoft Outlook for Oracle Communications Unified Communications Suite 7
D3DX10
EPSON NX300 Series Printer Uninstall
ESET Online Scanner v3
Evernote
Facebook Video Calling 1.2.0.159
Google Chrome
Google Update Helper
Guitar Pro 5.2
IBM Lotus Forms Viewer 3.5.1
Java 7 Update 6
Java Auto Updater
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Agent
McAfee VirusScan Enterprise
Media Gallery
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
NMAS Challenge Response Method
NMAS Client
Norton Internet Security
Novell Client for Windows
Oasis2Service
OOBE
Pandora
PdaNet for Android 3.02
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
PowerISO
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Remote Keyboard
Remote Play with PlayStation 3
Rosetta Stone Ltd Services
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
SmartWi Connection Utility
Sun Service Tags
swMSM
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Transfer Support
VAIO Update
VAIO Update Merge Module x86
Viewer_armyifx
VU5x86
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Yahoo! Detect
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 9:42:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the System Event Notification Service service to connect.
10/9/2012 9:42:52 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/9/2012 9:42:52 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/9/2012 9:42:52 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:42:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Management Instrumentation service to connect.
10/9/2012 9:42:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Certificate Propagation service to connect.
10/9/2012 9:42:49 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:42:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Extensible Authentication Protocol service to connect.
10/9/2012 9:42:48 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:42:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect.
10/9/2012 9:42:46 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:42:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IKE and AuthIP IPsec Keying Modules service to connect.
10/9/2012 9:42:44 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:42:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:42:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/9/2012 9:42:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Update service to connect.
10/9/2012 9:42:17 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:41:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Shell Hardware Detection service to connect.
10/9/2012 9:41:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Task Scheduler service to connect.
10/9/2012 9:41:49 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:41:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
10/9/2012 9:41:47 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:41:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
10/9/2012 9:41:46 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:41:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Background Intelligent Transfer Service service to connect.
10/9/2012 9:41:44 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:41:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Experience service to connect.
10/9/2012 9:41:43 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 9:40:44 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 9:40:41 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2012 7:12:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/9/2012 10:17:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
10/9/2012 10:17:28 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 10:15:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the User Profile Service service to connect.
10/9/2012 10:15:59 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2012 10:15:59 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2012 1:32:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2749655).
10/12/2012 1:32:11 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/12/2012 1:31:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2756822).
10/12/2012 1:30:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2731771).
10/12/2012 1:30:08 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2661254).
10/12/2012 1:29:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2739159).
10/12/2012 1:22:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2743555).
10/12/2012 1:22:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2724197).
10/12/2012 1:15:26 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
10/12/2012 1:15:26 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
10/12/2012 1:13:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
.
==== End Of File ===========================

#13 thisisu

  • Malware Response Team
  • 2,525 posts

Posted 12 October 2012 - 01:00 PM

From Programs and Features (via Control Panel), please uninstall the below:
  • Java 7 Update 6

__

Please download and run TDSSKiller
  • VERY IMPORTANT: In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the Continue button.
  • Do NOT change the default action on your own unless instructed by a malware helper! Doing so may render your computer unbootable.
  • If threats were detected, TDSSKiller will require a reboot in order to attempt to clean the system.
  • After the scan is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Post the contents of this log in your next message.

__

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Very important that you run the tool in this manner:
  • Right-mouse click JRT.exe and select Run as administrator
  • Do not just double-click it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.

__

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the Posted Image text-field.
    activex
    netsvcs
    %windir%\system32\drivers\*.sys /lockedfiles
    
  • Now click the Posted Image button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review but attach Extras.txt

Edited by thisisu, 12 October 2012 - 01:01 PM.


#14 RKollas

  • Topic Starter
  • Members
  • 43 posts

Posted 12 October 2012 - 07:33 PM

16:37:54.0185 11272 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:37:54.0965 11272 ============================================================
16:37:54.0965 11272 Current date / time: 2012/10/12 16:37:54.0965
16:37:54.0965 11272 SystemInfo:
16:37:54.0965 11272
16:37:54.0965 11272 OS Version: 6.1.7601 ServicePack: 1.0
16:37:54.0965 11272 Product type: Workstation
16:37:54.0965 11272 ComputerName: ROBERT-MICRO
16:37:54.0965 11272 UserName: Robert
16:37:54.0965 11272 Windows directory: C:\Windows
16:37:54.0965 11272 System windows directory: C:\Windows
16:37:54.0965 11272 Processor architecture: Intel x86
16:37:54.0965 11272 Number of processors: 2
16:37:54.0965 11272 Page size: 0x1000
16:37:54.0965 11272 Boot type: Normal boot
16:37:54.0965 11272 ============================================================
16:38:03.0467 11272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:38:03.0483 11272 ============================================================
16:38:03.0483 11272 \Device\Harddisk0\DR0:
16:38:03.0483 11272 MBR partitions:
16:38:03.0483 11272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1203800, BlocksNum 0x32000
16:38:03.0483 11272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1235800, BlocksNum 0x39150030
16:38:03.0483 11272 ============================================================
16:38:03.0654 11272 C: <-> \Device\Harddisk0\DR0\Partition2
16:38:03.0654 11272 ============================================================
16:38:03.0654 11272 Initialize success
16:38:03.0654 11272 ============================================================
16:38:25.0276 11492 ============================================================
16:38:25.0276 11492 Scan started
16:38:25.0276 11492 Mode: Manual;
16:38:25.0276 11492 ============================================================
16:38:27.0865 11492 ================ Scan system memory ========================
16:38:27.0865 11492 System memory - ok
16:38:27.0865 11492 ================ Scan services =============================
16:38:39.0690 11492 BrFiltUp - ok
16:38:39.0799 11492 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
16:38:39.0877 11492 Browser - ok
16:38:39.0955 11492 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:38:39.0987 11492 Brserid - ok
16:38:40.0018 11492 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:38:40.0033 11492 BrSerWdm - ok
16:38:40.0065 11492 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:38:40.0096 11492 BrUsbMdm - ok
16:38:40.0158 11492 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:38:40.0174 11492 BrUsbSer - ok
16:38:40.0236 11492 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:38:40.0252 11492 BthEnum - ok
16:38:40.0299 11492 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:38:40.0314 11492 BTHMODEM - ok
16:38:40.0345 11492 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:38:40.0377 11492 BthPan - ok
16:38:40.0439 11492 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:38:40.0548 11492 BTHPORT - ok
16:38:40.0673 11492 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:38:40.0704 11492 bthserv - ok
16:38:40.0798 11492 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:38:41.0063 11492 BTHUSB - ok
16:38:41.0172 11492 [ 525432CFD6D8C004860AF7ECD0A84234 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
16:38:41.0469 11492 btwampfl - ok
16:38:41.0531 11492 [ CF8799A563F734984D4E053CACEC1426 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:38:41.0671 11492 btwaudio - ok
16:38:41.0749 11492 [ 9ED9932043D599AEA04F6EA2D86964A1 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
16:38:41.0890 11492 btwavdt - ok
16:38:42.0030 11492 [ 110496CF8143FEA63B7A31DAD175829B ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:38:42.0217 11492 btwdins - ok
16:38:42.0264 11492 [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
16:38:42.0529 11492 btwl2cap - ok
16:38:42.0576 11492 [ 373D1BB0F7DC8F1931F9B7E0DE3E9A30 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:38:42.0857 11492 btwrchid - ok
16:38:43.0169 11492 catchme - ok
16:38:43.0231 11492 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:38:43.0247 11492 cdfs - ok
16:38:43.0325 11492 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:38:43.0481 11492 cdrom - ok
16:38:43.0543 11492 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
16:38:43.0637 11492 CertPropSvc - ok
16:38:43.0699 11492 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:38:43.0731 11492 circlass - ok
16:38:43.0777 11492 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:38:43.0793 11492 CLFS - ok
16:38:43.0902 11492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:38:43.0933 11492 clr_optimization_v2.0.50727_32 - ok
16:38:44.0058 11492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:38:44.0199 11492 clr_optimization_v4.0.30319_32 - ok
16:38:44.0245 11492 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:38:44.0245 11492 CmBatt - ok
16:38:44.0292 11492 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:38:44.0308 11492 cmdide - ok
16:38:44.0401 11492 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
16:38:44.0651 11492 CNG - ok
16:38:44.0713 11492 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:38:44.0713 11492 Compbatt - ok
16:38:44.0791 11492 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:38:44.0916 11492 CompositeBus - ok
16:38:44.0932 11492 COMSysApp - ok
16:38:44.0979 11492 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:38:44.0979 11492 crcdisk - ok
16:38:45.0072 11492 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:38:45.0150 11492 CryptSvc - ok
16:38:45.0213 11492 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:38:45.0228 11492 DcomLaunch - ok
16:38:45.0291 11492 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:38:45.0322 11492 defragsvc - ok
16:38:45.0400 11492 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:38:45.0587 11492 DfsC - ok
16:38:45.0727 11492 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:38:45.0837 11492 Dhcp - ok
16:38:45.0899 11492 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:38:45.0915 11492 discache - ok
16:38:45.0993 11492 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:38:46.0008 11492 Disk - ok
16:38:46.0071 11492 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:38:46.0164 11492 Dnscache - ok
16:38:46.0211 11492 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
16:38:46.0351 11492 dot3svc - ok
16:38:46.0445 11492 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
16:38:46.0461 11492 Dot4 - ok
16:38:46.0492 11492 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:38:46.0726 11492 Dot4Print - ok
16:38:46.0788 11492 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
16:38:46.0804 11492 dot4usb - ok
16:38:46.0851 11492 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
16:38:46.0929 11492 DPS - ok
16:38:47.0053 11492 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:38:47.0053 11492 drmkaud - ok
16:38:47.0147 11492 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:38:47.0319 11492 DXGKrnl - ok
16:38:47.0365 11492 [ 8EEF52AD831471E323EE7364A8656D35 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys
16:38:47.0381 11492 e1yexpress - ok
16:38:47.0443 11492 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:38:47.0459 11492 EapHost - ok
16:38:47.0568 11492 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:38:47.0693 11492 ebdrv - ok
16:38:47.0771 11492 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
16:38:47.0911 11492 EFS - ok
16:38:47.0989 11492 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:38:48.0161 11492 ehRecvr - ok
16:38:48.0208 11492 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
16:38:48.0223 11492 ehSched - ok
16:38:48.0270 11492 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:38:48.0301 11492 elxstor - ok
16:38:48.0395 11492 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:38:48.0395 11492 ErrDev - ok
16:38:48.0535 11492 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:38:48.0551 11492 EventSystem - ok
16:38:48.0645 11492 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:38:48.0676 11492 exfat - ok
16:38:48.0707 11492 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:38:48.0723 11492 fastfat - ok
16:38:48.0832 11492 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
16:38:49.0003 11492 Fax - ok
16:38:49.0050 11492 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:38:49.0066 11492 fdc - ok
16:38:49.0113 11492 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:38:49.0144 11492 fdPHost - ok
16:38:49.0191 11492 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:38:49.0206 11492 FDResPub - ok
16:38:49.0237 11492 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:38:49.0269 11492 FileInfo - ok
16:38:49.0300 11492 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:38:49.0315 11492 Filetrace - ok
16:38:49.0425 11492 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:38:49.0596 11492 FLEXnet Licensing Service - ok
16:38:49.0674 11492 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:38:49.0690 11492 flpydisk - ok
16:38:49.0768 11492 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:38:49.0783 11492 FltMgr - ok
16:38:49.0846 11492 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
16:38:49.0955 11492 FontCache - ok
16:38:50.0049 11492 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:38:50.0049 11492 FontCache3.0.0.0 - ok
16:38:50.0064 11492 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:38:50.0080 11492 FsDepends - ok
16:38:50.0158 11492 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:38:50.0407 11492 fssfltr - ok
16:38:50.0532 11492 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:38:50.0688 11492 fsssvc - ok
16:38:50.0766 11492 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:38:50.0969 11492 Fs_Rec - ok
16:38:51.0047 11492 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:38:51.0297 11492 fvevol - ok
16:38:51.0359 11492 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:38:51.0406 11492 gagp30kx - ok
16:38:51.0468 11492 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
16:38:51.0593 11492 gpsvc - ok
16:38:51.0843 11492 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:38:51.0999 11492 gupdate - ok
16:38:52.0201 11492 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:38:52.0217 11492 gupdatem - ok
16:38:52.0295 11492 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:38:52.0311 11492 hcw85cir - ok
16:38:52.0404 11492 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:38:52.0560 11492 HdAudAddService - ok
16:38:52.0654 11492 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:38:52.0841 11492 HDAudBus - ok
16:38:52.0903 11492 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:38:52.0903 11492 HidBatt - ok
16:38:52.0935 11492 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:38:52.0966 11492 HidBth - ok
16:38:53.0013 11492 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:38:53.0013 11492 HidIr - ok
16:38:53.0059 11492 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
16:38:53.0075 11492 hidserv - ok
16:38:53.0137 11492 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:38:53.0403 11492 HidUsb - ok
16:38:53.0496 11492 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:38:53.0621 11492 hkmsvc - ok
16:38:53.0668 11492 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:38:53.0777 11492 HomeGroupListener - ok
16:38:53.0855 11492 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:38:53.0933 11492 HomeGroupProvider - ok
16:38:54.0011 11492 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:38:54.0027 11492 HpSAMD - ok
16:38:54.0105 11492 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:38:54.0261 11492 HTTP - ok
16:38:54.0307 11492 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:38:54.0401 11492 hwpolicy - ok
16:38:54.0510 11492 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:38:54.0526 11492 i8042prt - ok
16:38:54.0651 11492 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:38:54.0916 11492 iaStorV - ok
16:38:55.0025 11492 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:38:55.0165 11492 idsvc - ok
16:38:55.0415 11492 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:38:55.0602 11492 igfx - ok
16:38:55.0680 11492 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:38:55.0696 11492 iirsp - ok
16:38:55.0789 11492 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
16:38:55.0899 11492 IKEEXT - ok
16:38:56.0242 11492 [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:38:56.0523 11492 IntcAzAudAddService - ok
16:38:56.0616 11492 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:38:56.0632 11492 intelide - ok
16:38:56.0757 11492 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:38:56.0772 11492 intelppm - ok
16:38:56.0866 11492 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:38:56.0882 11492 IPBusEnum - ok
16:38:56.0913 11492 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:38:57.0006 11492 IpFilterDriver - ok
16:38:57.0194 11492 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:38:57.0318 11492 iphlpsvc - ok
16:38:57.0365 11492 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:38:57.0474 11492 IPMIDRV - ok
16:38:57.0537 11492 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:38:57.0537 11492 IPNAT - ok
16:38:57.0630 11492 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:38:57.0646 11492 IRENUM - ok
16:38:57.0693 11492 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:38:57.0708 11492 isapnp - ok
16:38:57.0755 11492 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:38:57.0958 11492 iScsiPrt - ok
16:38:58.0052 11492 [ 994EBB45C4B438E1F6EA0B958AE9B9A3 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
16:38:58.0161 11492 ivusb - ok
16:38:58.0208 11492 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:38:58.0223 11492 kbdclass - ok
16:38:58.0301 11492 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:38:58.0738 11492 kbdhid - ok
16:38:58.0769 11492 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:38:58.0769 11492 KeyIso - ok
16:38:58.0847 11492 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:38:59.0066 11492 KSecDD - ok
16:38:59.0128 11492 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:38:59.0378 11492 KSecPkg - ok
16:38:59.0518 11492 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:38:59.0549 11492 KtmRm - ok
16:38:59.0674 11492 [ C8FA09049E640B0A27E4B4446D958FE5 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
16:38:59.0908 11492 L1C - ok
16:38:59.0955 11492 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
16:39:00.0064 11492 LanmanServer - ok
16:39:00.0142 11492 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:39:00.0251 11492 LanmanWorkstation - ok
16:39:00.0345 11492 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:39:00.0360 11492 lltdio - ok
16:39:00.0423 11492 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:39:00.0438 11492 lltdsvc - ok
16:39:00.0470 11492 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:39:00.0485 11492 lmhosts - ok
16:39:00.0548 11492 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:39:00.0579 11492 LSI_FC - ok
16:39:00.0641 11492 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:39:00.0657 11492 LSI_SAS - ok
16:39:00.0672 11492 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:39:00.0704 11492 LSI_SAS2 - ok
16:39:00.0719 11492 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:39:00.0735 11492 LSI_SCSI - ok
16:39:00.0782 11492 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:39:00.0813 11492 luafv - ok
16:39:00.0891 11492 MBAMProtector - ok
16:39:00.0953 11492 [ 37036C07983EF1024B2FF3C28AAE5700 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:39:01.0125 11492 MBAMService - ok
16:39:01.0234 11492 [ 02D0EFABB5B71005143C320DAF7A0515 ] McAfeeEngineService C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
16:39:01.0250 11492 McAfeeEngineService - ok
16:39:01.0452 11492 [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
16:39:01.0608 11492 McAfeeFramework - ok
16:39:01.0655 11492 [ A88C0E2B549734349DC6152B4FE07397 ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
16:39:01.0811 11492 McShield - ok
16:39:01.0920 11492 [ D4E92375308343358A50BFED5D800A76 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
16:39:02.0170 11492 McTaskManager - ok
16:39:02.0357 11492 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:39:02.0544 11492 Mcx2Svc - ok
16:39:02.0591 11492 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:39:02.0607 11492 megasas - ok
16:39:02.0638 11492 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:39:02.0669 11492 MegaSR - ok
16:39:02.0747 11492 [ A8D2C54C2F71F5CBA7CA2734341E57E6 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
16:39:02.0872 11492 mfeapfk - ok
16:39:02.0950 11492 [ 28BB783D85DF19E9E007E81DAF40ADCC ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
16:39:03.0106 11492 mfeavfk - ok
16:39:03.0153 11492 [ 8E43E242073E9DB5AA165EBE273FFD09 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
16:39:03.0309 11492 mfebopk - ok
16:39:03.0371 11492 [ E94D35A2A9B175B34B995AB37216C73E ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
16:39:03.0496 11492 mfehidk - ok
16:39:03.0543 11492 [ F68C9CDA15114B360727FE622E4AEC6F ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
16:39:03.0668 11492 mferkdet - ok
16:39:03.0730 11492 [ 78EFA6FD2A486C476045EAA1D2F218B7 ] mfetdik C:\Windows\system32\drivers\mfetdik.sys
16:39:03.0855 11492 mfetdik - ok
16:39:03.0870 11492 [ 4A736798C76E6BB2CF8224DCE34AA480 ] mfevtp C:\Windows\system32\mfevtps.exe
16:39:03.0995 11492 mfevtp - ok
16:39:04.0011 11492 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:39:04.0026 11492 MMCSS - ok
16:39:04.0151 11492 [ 85D5C849E88AFBF27915FA90ACF1ABEB ] mod7700 C:\Windows\system32\Drivers\dvb7700all.sys
16:39:04.0354 11492 mod7700 - ok
16:39:04.0385 11492 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:39:04.0463 11492 Modem - ok
16:39:04.0572 11492 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:39:04.0588 11492 monitor - ok
16:39:04.0635 11492 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:39:04.0650 11492 mouclass - ok
16:39:04.0728 11492 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:39:04.0744 11492 mouhid - ok
16:39:04.0806 11492 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:39:04.0931 11492 mountmgr - ok
16:39:04.0978 11492 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:39:05.0243 11492 mpio - ok
16:39:05.0290 11492 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:39:05.0306 11492 mpsdrv - ok
16:39:05.0384 11492 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:39:05.0571 11492 MpsSvc - ok
16:39:05.0633 11492 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:39:05.0976 11492 MRxDAV - ok
16:39:06.0054 11492 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:39:06.0288 11492 mrxsmb - ok
16:39:06.0320 11492 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:39:06.0632 11492 mrxsmb10 - ok
16:39:06.0663 11492 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:39:06.0881 11492 mrxsmb20 - ok
16:39:06.0975 11492 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:39:07.0209 11492 msahci - ok
16:39:07.0240 11492 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:39:07.0552 11492 msdsm - ok
16:39:07.0583 11492 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:39:07.0599 11492 MSDTC - ok
16:39:07.0661 11492 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:39:07.0661 11492 Msfs - ok
16:39:07.0677 11492 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:39:07.0692 11492 mshidkmdf - ok
16:39:07.0755 11492 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:39:07.0770 11492 msisadrv - ok
16:39:07.0864 11492 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:39:07.0880 11492 MSiSCSI - ok
16:39:07.0895 11492 msiserver - ok
16:39:07.0973 11492 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:39:08.0004 11492 MSKSSRV - ok
16:39:08.0036 11492 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:39:08.0051 11492 MSPCLOCK - ok
16:39:08.0098 11492 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:39:08.0114 11492 MSPQM - ok
16:39:08.0145 11492 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:39:08.0160 11492 MsRPC - ok
16:39:08.0192 11492 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:39:08.0207 11492 mssmbios - ok
16:39:08.0301 11492 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:39:08.0379 11492 MSTEE - ok
16:39:08.0410 11492 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:39:08.0426 11492 MTConfig - ok
16:39:08.0472 11492 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:39:08.0488 11492 Mup - ok
16:39:08.0613 11492 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:39:08.0628 11492 napagent - ok
16:39:08.0753 11492 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:39:08.0800 11492 NativeWifiP - ok
16:39:08.0894 11492 [ 574A7BD9741E9A3E3282ED4D1BC7F588 ] NCFilter C:\Windows\system32\DRIVERS\NCFilter.sys
16:39:09.0159 11492 NCFilter - ok
16:39:09.0268 11492 [ D69FB10BF04BEC3BF7FD919721AA51DB ] NCFSD C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
16:39:09.0533 11492 NCFSD - ok
16:39:09.0580 11492 [ 598FD72A8B47FAED223C751E23FF17DB ] NCIOCTL C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
16:39:09.0720 11492 NCIOCTL - ok
16:39:09.0752 11492 [ 7EECE6EDDDF854581BCE68CE7B218DC4 ] NCRecognizer C:\Windows\system32\DRIVERS\NCRecognizer.sys
16:39:10.0017 11492 NCRecognizer - ok
16:39:10.0079 11492 [ 07E2BC676F1BBDC8AFAD7C6F38847688 ] NCUncFilter C:\Windows\system32\DRIVERS\NCUncFilter.sys
16:39:10.0329 11492 NCUncFilter - ok
16:39:10.0407 11492 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:39:10.0672 11492 NDIS - ok
16:39:10.0734 11492 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:39:10.0766 11492 NdisCap - ok
16:39:10.0875 11492 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:39:10.0906 11492 NdisTapi - ok
16:39:10.0968 11492 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:39:11.0109 11492 Ndisuio - ok
16:39:11.0171 11492 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:39:11.0483 11492 NdisWan - ok
16:39:11.0592 11492 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:39:11.0764 11492 NDProxy - ok
16:39:11.0826 11492 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:39:11.0842 11492 NetBIOS - ok
16:39:11.0936 11492 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:39:12.0263 11492 NetBT - ok
16:39:12.0294 11492 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:39:12.0310 11492 Netlogon - ok
16:39:12.0450 11492 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:39:12.0466 11492 Netman - ok
16:39:12.0560 11492 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:39:12.0575 11492 netprofm - ok
16:39:12.0669 11492 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:39:12.0794 11492 NetTcpPortSharing - ok
16:39:13.0199 11492 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
16:39:13.0386 11492 netw5v32 - ok
16:39:13.0433 11492 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:39:13.0449 11492 nfrd960 - ok
16:39:13.0480 11492 [ 7AE8BA627D2DF84793E292ABB7763DF9 ] NICM C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
16:39:13.0620 11492 NICM - ok
16:39:13.0714 11492 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:39:13.0823 11492 NlaSvc - ok
16:39:13.0854 11492 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:39:13.0870 11492 Npfs - ok
16:39:13.0917 11492 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:39:13.0932 11492 nsi - ok
16:39:13.0964 11492 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:39:13.0979 11492 nsiproxy - ok
16:39:14.0088 11492 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:39:14.0213 11492 Ntfs - ok
16:39:14.0260 11492 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:39:14.0276 11492 Null - ok
16:39:14.0354 11492 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:39:14.0478 11492 nvraid - ok
16:39:14.0494 11492 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:39:14.0775 11492 nvstor - ok
16:39:14.0822 11492 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:39:14.0837 11492 nv_agp - ok
16:40:11.0642 11492 ============================================================
16:40:11.0642 11492 Scan finished
16:40:11.0642 11492 ============================================================
16:40:11.0673 11484 Detected object count: 0
16:40:11.0673 11484 Actual detected object count: 0
16:40:19.0832 11260 Deinitialize success

#15 RKollas

  • Topic Starter
Posted 12 October 2012 - 07:34 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.5.1 (10.12.2012)
OS: Windows 7 Home Premium x86
Ran by Robert on Fri 10/12/2012 at 16:40:33.11
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 10/12/2012 at 16:51:52.38
End of Report

OTL logfile created on: 10/12/2012 4:56:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 62.96% Memory free
6.99 Gb Paging File | 5.35 Gb Available in Paging File | 76.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.66 Gb Total Space | 387.17 Gb Free Space | 84.78% Space Free | Partition Type: NTFS

Computer Name: ROBERT-MICRO | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/12 16:37:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
PRC - [2012/08/20 12:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/03 14:52:33 | 000,685,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/08/03 14:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/12 23:12:24 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/07 23:10:34 | 001,320,392 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNi\Oasis\VAIO Messenger.exe
PRC - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2012/01/17 11:36:08 | 001,015,912 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2012/01/13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
PRC - [2011/11/15 11:27:18 | 000,088,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCAgent.exe
PRC - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2011/05/04 20:12:02 | 000,035,928 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2011/05/04 20:12:02 | 000,016,984 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2011/03/30 03:45:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/30 03:45:36 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/16 15:08:52 | 001,166,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/02/14 14:23:50 | 000,013,504 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\Admload.exe
PRC - [2011/01/29 06:36:18 | 000,189,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
PRC - [2011/01/29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011/01/06 14:18:54 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010/11/27 02:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 02:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/16 20:34:12 | 001,473,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
PRC - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/10/22 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/10/22 20:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/09/27 17:13:22 | 000,222,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
PRC - [2010/09/27 17:12:36 | 000,864,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/07/29 20:45:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/07/29 20:45:48 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/29 20:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/07/15 13:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/07/15 13:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/07/15 13:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2010/07/15 13:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010/05/31 21:18:28 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 21:18:28 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 19:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 16:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 11:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2008/09/16 11:02:42 | 000,013,368 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2008/03/14 18:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/01/25 17:02:36 | 000,080,384 | ---- | M] () -- C:\Program Files\Sun\servicetag\stlisten.exe
PRC - [2008/01/25 17:00:50 | 000,071,680 | ---- | M] () -- C:\Program Files\Sun\servicetag\stdiscoverer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 14:53:25 | 000,062,968 | ---- | M] () -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2012/06/13 03:31:12 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/13 03:24:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 03:23:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 03:23:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:22:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 03:22:39 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/15 03:56:04 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2012/05/15 03:55:51 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/15 03:55:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/05/15 03:55:39 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll
MOD - [2012/05/15 03:53:20 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 03:50:48 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/15 03:50:46 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/15 03:50:41 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/15 03:50:39 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/15 03:46:48 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
MOD - [2012/05/15 03:46:47 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll
MOD - [2012/05/15 03:46:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/15 03:45:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/15 03:45:38 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/15 03:45:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/15 03:45:35 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/15 03:43:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 03:43:42 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/05/15 03:43:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 03:43:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 03:43:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 03:43:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/23 17:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 17:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/03 21:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/11/04 22:14:55 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2011/05/04 20:12:02 | 000,920,152 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll
MOD - [2011/05/04 20:12:02 | 000,240,216 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll
MOD - [2011/05/04 20:12:02 | 000,166,488 | ---- | M] () -- C:\Windows\System32\mapbase.dll
MOD - [2011/05/04 20:12:02 | 000,113,240 | ---- | M] () -- C:\Windows\System32\nclangid.dll
MOD - [2011/05/04 20:12:02 | 000,035,928 | ---- | M] () -- C:\Windows\System32\nwtray.exe
MOD - [2011/05/04 19:42:32 | 000,495,616 | ---- | M] () -- C:\Windows\System32\nls\english\ncnetproviderr.dll
MOD - [2011/05/04 19:41:10 | 000,110,592 | ---- | M] () -- C:\Windows\System32\nls\english\nwshlxntr.dll
MOD - [2011/05/04 19:40:22 | 000,094,208 | ---- | M] () -- C:\Windows\System32\nls\english\mapbaser.dll
MOD - [2011/05/04 19:35:58 | 000,016,384 | ---- | M] () -- C:\Windows\System32\nls\english\nclangidr.dll
MOD - [2010/11/04 20:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 20:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 20:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/15 13:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/07/15 13:07:40 | 000,131,072 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/07/15 13:07:40 | 000,109,568 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/07/15 13:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/07/15 13:07:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/07/15 13:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/07/15 13:07:40 | 000,023,040 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/07/15 13:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/07/15 13:07:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/07/15 13:07:40 | 000,015,872 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/07/15 13:07:40 | 000,015,360 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/07/15 13:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/07/15 13:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/07/15 13:07:40 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/07/15 13:07:40 | 000,007,680 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/07/15 13:07:40 | 000,006,656 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/07/15 13:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/07/15 13:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2010/07/15 13:07:40 | 000,004,608 | ---- | M] () -- C:\Program Files\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2010/01/26 10:17:24 | 000,081,920 | ---- | M] () -- C:\Windows\System32\erainp32.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (All) ==========

SRV - [2012/10/12 03:14:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 09:18:31 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2012/08/23 09:18:31 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2012/08/03 14:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/04 16:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2012/06/01 23:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/30 23:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2012/03/08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012/02/11 00:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/01/13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (VaultSvc)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (EFS)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 16:42:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 09:29:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/24 05:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2011/05/04 20:12:02 | 000,016,984 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2011/05/03 23:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2011/03/30 03:45:36 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/03/03 00:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2011/02/19 01:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011/01/29 06:36:18 | 000,189,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2011/01/06 14:18:54 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/11/27 02:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/20 07:21:40 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2010/11/20 07:21:39 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM)
SRV - [2010/11/20 07:21:37 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/20 07:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2010/11/20 07:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 07:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 07:21:35 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 07:21:35 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2010/11/20 07:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 07:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2010/11/20 07:21:27 | 001,159,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2010/11/20 07:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 07:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2010/11/20 07:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2010/11/20 07:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 07:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 07:20:57 | 000,330,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2010/11/20 07:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 07:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2010/11/20 07:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2010/11/20 07:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 07:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/11/20 07:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 07:19:26 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2010/11/20 07:19:23 | 000,499,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2010/11/20 07:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2010/11/20 07:19:21 | 000,674,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2010/11/20 07:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2010/11/20 07:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2010/11/20 07:18:34 | 000,144,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:12 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2010/11/20 07:18:12 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2010/11/20 07:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2010/11/20 07:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 07:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2010/11/20 07:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/11/20 07:17:52 | 001,203,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbengine.exe -- (wbengine)
SRV - [2010/11/20 07:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 07:17:49 | 000,453,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2010/11/20 07:17:48 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 07:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:11 | 000,523,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2010/11/20 07:17:07 | 000,556,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/04 20:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/11/04 20:52:36 | 000,878,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2010/10/25 19:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010/10/25 19:26:32 | 000,084,256 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2010/10/25 19:12:24 | 000,549,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/10/22 20:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/10/12 17:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 17:13:22 | 000,222,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
SRV - [2010/09/27 17:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/22 18:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/10 10:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 10:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/07/29 20:45:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/05/31 21:18:28 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 20:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/13 20:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/07/13 20:16:18 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/07/13 20:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/13 20:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/13 20:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/07/13 20:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2009/07/13 20:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/13 20:16:17 | 000,288,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2009/07/13 20:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/07/13 20:16:16 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 20:16:15 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2009/07/13 20:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2009/07/13 20:16:15 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2009/07/13 20:16:13 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/07/13 20:16:13 | 000,112,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/07/13 20:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/07/13 20:16:12 | 000,327,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009/07/13 20:16:12 | 000,154,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2009/07/13 20:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 20:15:43 | 000,308,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 20:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2009/07/13 20:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 20:15:36 | 000,189,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2009/07/13 20:15:36 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2009/07/13 20:15:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2009/07/13 20:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/13 20:15:33 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2009/07/13 20:15:25 | 000,054,272 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2009/07/13 20:15:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/07/13 20:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2009/07/13 20:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2009/07/13 20:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2009/07/13 20:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator)
SRV - [2009/07/13 20:14:19 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 20:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:14:51 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 11:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2008/01/25 17:02:36 | 000,080,384 | ---- | M] () [Auto | Running] -- C:\Program Files\Sun\servicetag\stlisten.exe -- (stlisten)
SRV - [2008/01/25 17:00:50 | 000,071,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Sun\servicetag\stdiscoverer.exe -- (stdiscover)


========== Driver Services (All) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Robert\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/31 12:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2012/08/22 12:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2012/08/22 12:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2012/08/22 12:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2012/08/03 14:38:55 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/08/03 14:38:05 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/07/06 14:23:23 | 000,393,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2012/06/01 23:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2012/06/01 23:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2012/06/01 23:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV - [2012/04/27 22:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/03/17 02:27:18 | 000,056,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/03/08 18:32:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2012/03/01 00:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2012/02/16 23:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2011/07/19 11:28:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/07/08 21:30:00 | 000,223,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/05/04 20:12:02 | 000,110,680 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV - [2011/05/04 20:12:02 | 000,096,344 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys -- (nds4)
DRV - [2011/05/04 20:12:02 | 000,091,224 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\ncfilter.sys -- (NCFilter)
DRV - [2011/05/04 20:12:02 | 000,088,664 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2011/05/04 20:12:02 | 000,068,184 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys -- (ncpfsp)
DRV - [2011/05/04 20:12:02 | 000,066,136 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV - [2011/05/04 20:12:02 | 000,064,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV - [2011/05/04 20:12:02 | 000,063,576 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV - [2011/05/04 20:12:02 | 000,059,992 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2011/05/04 20:12:02 | 000,045,656 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV - [2011/05/04 20:12:02 | 000,044,632 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV - [2011/05/04 20:12:02 | 000,040,536 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV - [2011/05/04 20:12:02 | 000,030,808 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV - [2011/05/04 20:12:02 | 000,028,760 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV - [2011/05/04 20:12:02 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV - [2011/05/04 20:12:02 | 000,027,224 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2011/05/04 20:12:02 | 000,026,712 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys -- (nccache)
DRV - [2011/05/04 20:12:02 | 000,022,616 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV - [2011/05/04 20:12:02 | 000,022,104 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV - [2011/05/04 20:12:02 | 000,018,008 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV - [2011/04/28 21:46:33 | 000,311,808 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/04/28 21:46:15 | 000,310,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/28 21:46:10 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/27 22:15:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2011/04/26 21:17:28 | 000,096,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/26 21:17:22 | 000,123,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/24 21:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2011/03/30 03:45:36 | 006,575,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/30 03:45:36 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/24 21:58:37 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2011/03/24 21:58:06 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2011/03/24 21:57:58 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2011/03/24 21:57:58 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2011/03/24 21:57:56 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/11 00:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/11 00:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/11 00:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/03/10 23:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2011/02/22 23:47:33 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/01/07 03:33:30 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/12/03 03:53:30 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/11/20 07:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2010/11/20 07:30:16 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/11/20 07:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 07:30:12 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2010/11/20 07:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 07:30:10 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2010/11/20 07:30:06 | 000,153,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2010/11/20 07:30:05 | 000,233,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2010/11/20 07:30:04 | 000,116,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2010/11/20 07:30:01 | 000,130,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2010/11/20 07:30:01 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2010/11/20 07:30:00 | 000,078,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2010/11/20 07:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 07:29:47 | 000,728,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010/11/20 07:29:15 | 000,274,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2010/11/20 07:24:30 | 000,194,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:22:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2010/11/20 05:22:19 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010/11/20 05:21:10 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2010/11/20 05:07:50 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2010/11/20 05:07:45 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2010/11/20 05:07:45 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2010/11/20 05:07:39 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/11/20 05:07:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2010/11/20 05:06:41 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2010/11/20 05:06:36 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2010/11/20 05:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 05:00:24 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2010/11/20 05:00:21 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/11/20 05:00:21 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:59:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2010/11/20 04:59:29 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2010/11/20 04:59:20 | 000,132,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2010/11/20 04:58:59 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2010/11/20 04:50:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2010/11/20 04:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 04:50:10 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010/11/20 04:50:05 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2010/11/20 04:29:49 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2010/11/20 04:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 04:19:15 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2010/11/20 03:54:02 | 000,084,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2010/11/20 03:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/20 03:44:05 | 000,242,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2010/11/20 03:42:43 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2010/11/20 03:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/11/20 03:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/11/20 03:40:21 | 000,513,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/11/20 03:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2010/11/20 03:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2010/11/20 03:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2010/11/11 23:22:00 | 000,059,136 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2010/11/05 09:28:52 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010/11/05 09:28:50 | 000,063,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/10/31 22:20:30 | 001,800,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/10/31 22:17:29 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/10/31 22:13:51 | 000,186,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/10/31 22:04:08 | 001,310,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/10/31 21:56:19 | 000,111,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2010/10/31 21:56:19 | 000,088,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2010/10/31 21:56:19 | 000,018,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2010/10/31 21:56:18 | 000,297,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwampfl.sys -- (btwampfl)
DRV - [2010/10/31 21:56:10 | 000,033,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2010/10/31 21:49:57 | 003,154,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2010/10/22 20:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/22 20:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/22 20:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/22 20:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/22 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/10/22 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/04/26 15:20:29 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2010/02/18 11:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/13 20:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2009/07/13 20:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/07/13 20:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/07/13 20:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/13 20:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2009/07/13 20:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/13 20:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/13 20:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2009/07/13 20:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/13 20:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (Disk)
DRV - [2009/07/13 20:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2009/07/13 20:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/13 20:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 20:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2009/07/13 20:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2009/07/13 20:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2009/07/13 20:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2009/07/13 19:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 19:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/13 18:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2009/07/13 18:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/07/13 18:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/13 18:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2009/07/13 18:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/13 18:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/13 18:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2009/07/13 18:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/13 18:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/13 18:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009/07/13 18:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/13 18:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/07/13 18:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/13 18:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/13 18:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/13 18:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:51:43 | 000,093,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan)
DRV - [2009/07/13 18:51:41 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM)
DRV - [2009/07/13 18:51:36 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/13 18:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2009/07/13 18:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/07/13 18:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2009/07/13 18:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2009/07/13 18:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 18:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2009/07/13 18:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/13 18:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2009/07/13 18:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2009/07/13 18:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2009/07/13 18:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2009/07/13 18:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2009/07/13 18:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009/07/13 18:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2009/07/13 18:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/13 18:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/13 18:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/13 18:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/13 18:45:05 | 000,131,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4)
DRV - [2009/07/13 18:45:03 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/13 18:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/13 18:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 18:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2009/07/13 18:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2009/07/13 18:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/13 18:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 18:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/13 18:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/13 18:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/07/13 18:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/13 18:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/13 18:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/13 18:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 18:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/13 18:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2009/07/13 18:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 17:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 16:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2009/07/13 15:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/06/10 16:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/26 16:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/03/14 01:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/12/20 12:49:26 | 000,448,896 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {DB795A69-FC7B-4403-A48E-BB418C7F4072}
IE - HKCU\..\SearchScopes\{46CCD341-1D74-4BE8-B987-1E6147451262}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{DB795A69-FC7B-4403-A48E-BB418C7F4072}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7AURU_enUS498
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Robert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 04:36:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U6 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Robert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/07/25 17:23:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn File not found
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AMD] C:\Users\Robert\AppData\Local\ArcSoft\AMD\hmufisxl.dll (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://secure.niu.edu/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8AF8E8A-1E64-4DAB-9763-73E75794FFB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDD542F5-8E5E-415D-BCA2-C254B251AA0B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9212D8B4-C3CF-43E1-A1FF-8EEA311633DC} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 16:40:31 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/12 02:36:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/12 02:10:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B2527A7B-2BD8-4549-97B8-2D8BD36669BB}
[2012/10/12 01:41:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/12 01:39:29 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/12 01:39:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/12 01:39:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/12 01:39:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/12 01:39:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/12 01:39:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/12 01:39:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/12 01:39:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/12 01:39:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/12 01:39:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/12 01:39:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/12 01:39:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/12 01:39:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/12 01:39:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/12 01:39:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/12 01:39:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/12 01:39:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/12 01:39:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/12 01:39:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/12 01:39:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/12 01:39:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/12 01:39:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/12 01:39:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/12 01:39:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/12 01:39:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/12 01:39:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/12 01:39:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/12 01:39:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/12 01:39:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/12 01:38:57 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/10/12 01:35:10 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/12 01:35:09 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/03 23:33:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{64B5E500-10EB-4B02-ABF1-0C223F3B70CD}
[2012/09/26 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5F397F37-B7EB-4A13-AAB2-8596409E0387}
[2012/09/26 15:29:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{8D2DD6BA-1B9D-4507-8738-66AEAE67FCE7}
[2012/09/25 20:40:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/24 20:31:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3029FFBE-4F50-4F5A-BDF2-E69F21160BE2}
[2012/09/24 13:57:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/24 13:57:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/24 13:57:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/24 13:57:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/24 13:57:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/24 13:57:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/24 13:57:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/24 13:57:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/14 12:27:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DB6F4513-D3EE-40AC-AAAC-72A128BA0A2D}
[2012/09/13 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3A417E83-FC24-4233-9CA9-C798105256C2}

========== Files - Modified Within 30 Days ==========

[2012/10/12 16:47:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 16:38:01 | 000,628,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/12 16:38:01 | 000,108,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/12 16:15:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3395484017-3835033656-2980198702-1001UA.job
[2012/10/12 16:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 13:47:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 06:50:35 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/12 03:14:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/12 03:14:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/12 02:12:46 | 000,014,144 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 02:12:46 | 000,014,144 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 02:03:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 02:03:07 | 2814,562,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 22:15:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3395484017-3835033656-2980198702-1001Core.job
[2012/10/03 23:21:00 | 000,015,963 | ---- | M] () -- C:\Users\Robert\Desktop\Blister in the Sun.pdf
[2012/09/26 13:50:23 | 392,510,607 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/14 13:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files Created - No Company Name ==========

[2012/10/03 23:21:00 | 000,015,963 | ---- | C] () -- C:\Users\Robert\Desktop\Blister in the Sun.pdf
[2012/05/06 12:32:10 | 000,004,096 | -H-- | C] () -- C:\Users\Robert\AppData\Local\keyfile3.drm
[2011/07/14 18:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Robert\defogger_reenable
[2011/06/17 17:45:34 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2011/05/04 20:12:02 | 000,920,152 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2011/05/04 20:12:02 | 000,662,104 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2011/05/04 20:12:02 | 000,404,056 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2011/05/04 20:12:02 | 000,277,080 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2011/05/04 20:12:02 | 000,240,216 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2011/05/04 20:12:02 | 000,191,064 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll
[2011/05/04 20:12:02 | 000,166,488 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2011/05/04 20:12:02 | 000,113,240 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2011/05/04 20:12:02 | 000,110,680 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2011/05/04 20:12:02 | 000,091,224 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2011/05/04 20:12:02 | 000,035,928 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2011/05/04 20:12:02 | 000,026,712 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2011/05/04 20:12:02 | 000,026,200 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2011/05/04 20:12:02 | 000,022,616 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2011/05/04 20:12:02 | 000,014,424 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2011/03/17 00:04:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/05 23:23:48 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/12/05 23:23:48 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %windir%\system32\drivers\*.sys /lockedfiles >

< End of report >
