Computer Running Issues-Possible Viruses


  • This topic is locked
13 replies to this topic

#1 LauraSmith


  • Members
  • 6 posts

Posted 11 October 2012 - 09:53 AM

Hi,

I am still unsure as to whether I have removed malware/virus issues associated with My Incredibar and the VirTool:Win32/DelfInject.gen Virus as my computer is still running slow after running several viral removal software scans.

I have posted ComboFix Log Report Below.

PS: Please note I have already been instructed by one of your moderators to post a ComboFix Log in a previous topic post, however I was unable to give a report back at the time as I had major Internet connectivity issues. I apologise for this inconvenience.

------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 12-10-11.03 - Thind 11/10/2012 15:09:12.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1087 [GMT 1:00]
Running from: c:\users\Thind\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thind\GoToAssistDownloadHelper.exe
c:\windows\desktop
c:\windows\desktop\tomb3.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 14:33 . 2012-10-11 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 13:44 . 2012-10-11 13:44 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12CE1F8E-F131-4A3C-8C0A-968EC24AA8AA}\offreg.dll
2012-10-10 23:50 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12CE1F8E-F131-4A3C-8C0A-968EC24AA8AA}\mpengine.dll
2012-10-10 20:17 . 2012-08-20 15:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 15:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 15:33 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 15:33 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 20:17 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-10-10 20:17 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 20:17 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 20:17 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 20:17 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 20:16 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 20:16 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 20:16 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 20:16 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 20:16 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 20:16 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 20:16 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 20:16 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 21:54 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-05 11:47 . 2012-10-01 17:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD474681-2E04-4EA5-BFDC-9D58E59AB218}\gapaengine.dll
2012-10-01 17:17 . 2012-10-01 17:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-26 10:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 13:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:04 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:04 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:04 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:04 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:04 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 01:44 . 2012-09-01 19:23 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 15:02 . 2012-08-16 01:46 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:02 . 2012-08-16 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 20:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-01 20:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2012-03-20 19:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 15:02 . 2012-08-29 15:01 388096 ----a-r- c:\users\Thind\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-23 08:26 . 2012-08-28 22:40 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{592A422D-F9AE-409C-8346-BC026A964FBE}\mpengine.dll
2012-08-20 17:38 . 2012-10-10 20:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-29 19:52 . 2012-07-06 23:30 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-18 18:15 . 2012-08-15 13:30 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2012-03-02 67968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-27 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-04 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2009-03-02 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:02]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560224713-1747127086-1684988848-1001Core.job
- c:\users\Thind\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 15:25]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560224713-1747127086-1684988848-1001UA.job
- c:\users\Thind\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 15:25]
.
2012-10-11 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-08-29 15:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
JSEFile=c:\windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-64289385.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-11 15:41:58
ComboFix-quarantined-files.txt 2012-10-11 14:41
.
Pre-Run: 43,240,824,832 bytes free
Post-Run: 44,532,862,976 bytes free
.
- - End Of File - - E87BFCF04508D6BF1F54EF3803B54099



#2 LauraSmith

  • Topic Starter

  • Members
  • 6 posts

Posted 11 October 2012 - 10:07 AM

Sorry,
I was also instructed by one of your moderators (Nasdaq) to post log files for AdwCleaner and Security Check; both are now posted below.

For what was instructed the original forum post can be found here: http://www.bleepingcomputer.com/forums/topic467288.html/page__p__2827794#entry2827794.

-------------------------------------------------------------------------------------------------------------------------------------
Security Check:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

-----------------------------------------------------------------------------------------------------------------------------------
AdwCleaner Log:

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 16:00:25
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Thind - THIND-PC
# Boot Mode : Normal
# Running from : C:\Users\Thind\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Funmoods

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Thind\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1768 octets] - [11/10/2012 16:00:25]

########## EOF - C:\AdwCleaner[R1].txt - [1828 octets] ##########

#3 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts

Posted 12 October 2012 - 08:44 AM

Greetings LauraSmith and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts

Posted 12 October 2012 - 09:15 AM

Greetings LauraSmith,

Thank you for allowing me some time to review the information already posted. We need to address a few cautionary issues then I will have you run 2 programs for me.

Please consider and perform the following, if you would.


===================================================


BACKDOOR WARNING!

--------------------

This warning is based on the information you provided, specifically:

I have removed malware/virus issues associated with My Incredibar and the VirTool:Win32/DelfInject.gen Virus

I have not verified the infection myself but have no reason to doubt it was present on your system. As a result, it is prudent for me to advise you of the following.

----------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Use of Registry Cleaner Not Recommended

--------------------

I notice you have RegistryBooster installed on your computer.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

If you persist in using a registry cleaner you should always back up the registry before doing so.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

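A triage pass over the TDSSKiller log requested above, as an added example that is not part of the original post or of Kaspersky's tooling: it lists services in the "Scan services" section whose verdict is not ok, that have a verdict but no hash/path line, or whose image sits outside the Windows directory. The sample lines, the `triage` function, the reason labels and the non-ok verdict wording are assumptions made for the example.

```python
import re
from collections import namedtuple

# Sample constructed for this example in the layout of the TDSSKiller log in
# this thread: "HH:MM:SS.ffff <thread id> <message>". The "examplesvc" entry,
# its verdict wording and the closing section header are placeholders.
SAMPLE_LOG = r"""
15:28:43.0494 4432 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb)
15:28:46.0215 4228 ================ Scan system memory ========================
15:28:46.0215 4228 System memory - ok
15:28:46.0218 4228 ================ Scan services =============================
15:28:46.0358 4228 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:28:46.0362 4228 ACPI - ok
15:28:48.0002 4228 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:28:48.0005 4228 BBSvc - ok
15:28:48.0632 4228 catchme - ok
15:28:49.0000 4228 [ 00000000000000000000000000000000 ] examplesvc C:\Users\Public\examplesvc.sys
15:28:49.0001 4228 examplesvc - suspicious
15:28:50.0000 4228 ================ Scan other (constructed) ====================
15:28:50.0001 4228 \Device\Harddisk0\DR0 - ok
"""

# Timestamp and thread id, then the message (which may be empty).
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s*(.*)$")
# Named section header such as "======== Scan services ========".
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ <MD5> ] <service name> <image path>"; the path is taken to start at a drive letter.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (.+)$")

Finding = namedtuple("Finding", "service reason detail")


def triage(log_text, windows_dir=r"C:\Windows"):
    """Return the services in the 'Scan services' section that deserve a closer look."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    section = None
    hashed = {}      # service name -> (md5, image path) from its hash line
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        header = SECTION.match(msg)
        if header:
            section = header.group(1)
            continue
        # Other sections also use "<name> - <text>" lines (drives, memory),
        # so only the services section is interpreted here.
        if section != "Scan services":
            continue
        h = HASHED.match(msg)
        if h:
            md5, name, path = h.groups()
            hashed[name] = (md5.upper(), path)
            continue
        v = VERDICT.match(msg)
        if not v:
            continue
        name, verdict = v.groups()
        if verdict != "ok":
            findings.append(Finding(name, "verdict", verdict))
        if name not in hashed:
            # A verdict was logged but no file was hashed for this service.
            findings.append(Finding(name, "no-file-hashed", ""))
        elif not hashed[name][1].lower().startswith(prefix):
            findings.append(Finding(name, "outside-windows-dir", hashed[name][1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service:12} {f.reason:20} {f.detail}")
```

The findings are prompts for a closer look rather than detections: third-party software legitimately installs services under Program Files.
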
#5 LauraSmith


Posted 12 October 2012 - 09:42 AM

Hi Gary,

Thank you for your reply and assistance.

It's unfortunate to hear that the VirTool:Win32/DelfInject.gen Virus is a Dangerous Backdoor Virus, however I removed it a month ago via installing Microsoft Security Essentials and I have had no unusual behaviour reported on my computer, even using Internet Banking.

Nevertheless I am willing to reboot and reinstall Windows should the Logs record something malicious.

In regards to how my computer is running, it runs very slow even with just two programs running such as the internet. I looked at the CPU Performance from the Start Task Manager and it is very erratic, shooting to 100%-90% usage whenever I run a program or am on the Internet.


Here are the requested logs:

TDSS Killer Log:

Result: No Threats Found

15:28:41.0544 4432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:28:41.0699 4432 ============================================================
15:28:41.0699 4432 Current date / time: 2012/10/12 15:28:41.0699
15:28:41.0699 4432 SystemInfo:
15:28:41.0699 4432
15:28:41.0699 4432 OS Version: 6.1.7601 ServicePack: 1.0
15:28:41.0699 4432 Product type: Workstation
15:28:41.0699 4432 ComputerName: THIND-PC
15:28:41.0700 4432 UserName: Thind
15:28:41.0700 4432 Windows directory: C:\Windows
15:28:41.0700 4432 System windows directory: C:\Windows
15:28:41.0700 4432 Running under WOW64
15:28:41.0700 4432 Processor architecture: Intel x64
15:28:41.0700 4432 Number of processors: 1
15:28:41.0700 4432 Page size: 0x1000
15:28:41.0700 4432 Boot type: Normal boot
15:28:41.0700 4432 ============================================================
15:28:43.0494 4432 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:43.0567 4432 ============================================================
15:28:43.0567 4432 \Device\Harddisk0\DR0:
15:28:43.0568 4432 MBR partitions:
15:28:43.0568 4432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:28:43.0568 4432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x110C3800
15:28:43.0568 4432 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11127800, BlocksNum 0x18F1800
15:28:43.0568 4432 ============================================================
15:28:43.0602 4432 C: <-> \Device\Harddisk0\DR0\Partition2
15:28:43.0679 4432 D: <-> \Device\Harddisk0\DR0\Partition3
15:28:43.0679 4432 ============================================================
15:28:43.0679 4432 Initialize success
15:28:43.0679 4432 ============================================================
15:28:45.0627 4228 ============================================================
15:28:45.0627 4228 Scan started
15:28:45.0627 4228 Mode: Manual;
15:28:45.0627 4228 ============================================================
15:28:46.0215 4228 ================ Scan system memory ========================
15:28:46.0215 4228 System memory - ok
15:28:46.0218 4228 ================ Scan services =============================
15:28:55.0005 4228 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:28:55.0010 4228 NativeWifiP - ok
15:28:55.0064 4228 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:28:55.0088 4228 NDIS - ok
15:28:55.0122 4228 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:28:55.0123 4228 NdisCap - ok
15:28:55.0155 4228 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:28:55.0156 4228 NdisTapi - ok
15:28:55.0207 4228 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:28:55.0209 4228 Ndisuio - ok
15:28:55.0250 4228 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:28:55.0252 4228 NdisWan - ok
15:28:55.0292 4228 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:28:55.0293 4228 NDProxy - ok
15:28:55.0323 4228 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:28:55.0324 4228 NetBIOS - ok
15:28:55.0367 4228 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:28:55.0370 4228 NetBT - ok
15:28:55.0393 4228 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:28:55.0394 4228 Netlogon - ok
15:28:55.0462 4228 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:28:55.0468 4228 Netman - ok
15:28:55.0499 4228 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:28:55.0507 4228 netprofm - ok
15:28:55.0543 4228 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:28:55.0549 4228 NetTcpPortSharing - ok
15:28:55.0738 4228 [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys
15:28:55.0818 4228 NETw1v64 - ok
15:28:56.0006 4228 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
15:28:56.0089 4228 NETw5s64 - ok
15:28:56.0228 4228 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
15:28:56.0283 4228 netw5v64 - ok
15:28:56.0305 4228 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:28:56.0306 4228 nfrd960 - ok
15:28:56.0342 4228 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:28:56.0344 4228 NisDrv - ok
15:28:56.0386 4228 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:28:56.0392 4228 NisSrv - ok
15:28:56.0455 4228 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:28:56.0460 4228 NlaSvc - ok
15:28:56.0485 4228 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:28:56.0486 4228 Npfs - ok
15:28:56.0518 4228 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:28:56.0521 4228 nsi - ok
15:28:56.0538 4228 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:28:56.0540 4228 nsiproxy - ok
15:28:56.0616 4228 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:28:56.0635 4228 Ntfs - ok
15:28:56.0656 4228 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:28:56.0657 4228 Null - ok
15:28:56.0688 4228 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:28:56.0690 4228 nvraid - ok
15:28:56.0710 4228 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:28:56.0713 4228 nvstor - ok
15:28:56.0749 4228 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:28:56.0751 4228 nv_agp - ok
15:28:56.0838 4228 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:28:56.0843 4228 odserv - ok
15:28:56.0865 4228 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:28:56.0867 4228 ohci1394 - ok
15:28:56.0909 4228 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:28:56.0912 4228 ose - ok
15:28:56.0945 4228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:28:56.0952 4228 p2pimsvc - ok
15:28:56.0973 4228 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:28:56.0980 4228 p2psvc - ok
15:28:57.0013 4228 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:28:57.0015 4228 Parport - ok
15:28:57.0050 4228 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:28:57.0051 4228 partmgr - ok
15:28:57.0064 4228 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:28:57.0068 4228 PcaSvc - ok
15:28:57.0112 4228 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:28:57.0119 4228 pci - ok
15:28:57.0157 4228 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:28:57.0158 4228 pciide - ok
15:28:57.0195 4228 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:28:57.0198 4228 pcmcia - ok
15:28:57.0223 4228 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:28:57.0224 4228 pcw - ok
15:28:57.0260 4228 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:28:57.0268 4228 PEAUTH - ok
15:28:57.0355 4228 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:28:57.0357 4228 PerfHost - ok
15:28:57.0445 4228 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:28:57.0462 4228 pla - ok
15:28:57.0502 4228 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:28:57.0508 4228 PlugPlay - ok
15:28:57.0548 4228 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:28:57.0551 4228 PNRPAutoReg - ok
15:28:57.0586 4228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:28:57.0590 4228 PNRPsvc - ok
15:28:57.0607 4228 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:28:57.0616 4228 PolicyAgent - ok
15:28:57.0657 4228 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:28:57.0661 4228 Power - ok
15:28:57.0711 4228 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:28:57.0713 4228 PptpMiniport - ok
15:28:57.0745 4228 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:28:57.0748 4228 Processor - ok
15:28:57.0802 4228 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:28:57.0807 4228 ProfSvc - ok
15:28:57.0826 4228 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:28:57.0828 4228 ProtectedStorage - ok
15:28:57.0896 4228 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:28:57.0898 4228 Psched - ok
15:28:57.0939 4228 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:28:57.0955 4228 ql2300 - ok
15:28:57.0993 4228 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:28:57.0995 4228 ql40xx - ok
15:28:58.0033 4228 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:28:58.0037 4228 QWAVE - ok
15:28:58.0057 4228 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:28:58.0059 4228 QWAVEdrv - ok
15:28:58.0188 4228 [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
15:28:58.0194 4228 RapportCerberus_43926 - ok
15:28:58.0243 4228 [ E00B1DAC20B52781A6F697235A1CE9D4 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
15:28:58.0244 4228 RapportEI64 - ok
15:28:58.0291 4228 [ A0D6937897654813C27CB149FC4337E4 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
15:28:58.0293 4228 RapportKE64 - ok
15:28:58.0329 4228 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
15:28:58.0340 4228 RapportMgmtService - ok
15:28:58.0367 4228 [ 9B5D119785654BF8219DCBD0C1925FF7 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
15:28:58.0371 4228 RapportPG64 - ok
15:28:58.0403 4228 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:28:58.0405 4228 RasAcd - ok
15:28:58.0447 4228 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:28:58.0450 4228 RasAgileVpn - ok
15:28:58.0480 4228 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:28:58.0485 4228 RasAuto - ok
15:28:58.0534 4228 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:28:58.0536 4228 Rasl2tp - ok
15:28:58.0561 4228 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:28:58.0568 4228 RasMan - ok
15:28:58.0585 4228 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:28:58.0587 4228 RasPppoe - ok
15:28:58.0601 4228 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:28:58.0603 4228 RasSstp - ok
15:28:58.0650 4228 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:28:58.0654 4228 rdbss - ok
15:28:58.0681 4228 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:28:58.0684 4228 rdpbus - ok
15:28:58.0708 4228 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:28:58.0710 4228 RDPCDD - ok
15:28:58.0734 4228 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:28:58.0736 4228 RDPENCDD - ok
15:28:58.0767 4228 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:28:58.0769 4228 RDPREFMP - ok
15:28:58.0802 4228 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:28:58.0806 4228 RDPWD - ok
15:28:58.0868 4228 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:28:58.0871 4228 rdyboost - ok
15:28:58.0911 4228 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:28:58.0914 4228 RemoteAccess - ok
15:28:58.0956 4228 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:28:58.0961 4228 RemoteRegistry - ok
15:28:59.0045 4228 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:28:59.0049 4228 RichVideo - ok
15:28:59.0074 4228 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:28:59.0076 4228 RpcEptMapper - ok
15:28:59.0108 4228 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:28:59.0110 4228 RpcLocator - ok
15:28:59.0162 4228 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:28:59.0168 4228 RpcSs - ok
15:28:59.0210 4228 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:28:59.0212 4228 rspndr - ok
15:28:59.0247 4228 RSUSBSTOR - ok
15:28:59.0282 4228 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:28:59.0287 4228 RTL8167 - ok
15:28:59.0309 4228 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:28:59.0312 4228 SamSs - ok
15:28:59.0344 4228 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:28:59.0345 4228 sbp2port - ok
15:28:59.0385 4228 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:28:59.0392 4228 SCardSvr - ok
15:28:59.0438 4228 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:28:59.0439 4228 scfilter - ok
15:28:59.0512 4228 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:28:59.0531 4228 Schedule - ok
15:28:59.0585 4228 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:28:59.0588 4228 SCPolicySvc - ok
15:28:59.0645 4228 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
15:28:59.0647 4228 sdbus - ok
15:28:59.0688 4228 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:28:59.0692 4228 SDRSVC - ok
15:28:59.0737 4228 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:28:59.0739 4228 secdrv - ok
15:28:59.0755 4228 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:28:59.0758 4228 seclogon - ok
15:28:59.0788 4228 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:28:59.0791 4228 SENS - ok
15:28:59.0822 4228 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:28:59.0825 4228 SensrSvc - ok
15:28:59.0840 4228 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:28:59.0841 4228 Serenum - ok
15:28:59.0854 4228 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:28:59.0857 4228 Serial - ok
15:28:59.0880 4228 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:28:59.0881 4228 sermouse - ok
15:28:59.0948 4228 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:28:59.0952 4228 SessionEnv - ok
15:28:59.0983 4228 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:28:59.0984 4228 sffdisk - ok
15:28:59.0996 4228 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:28:59.0998 4228 sffp_mmc - ok
15:29:00.0011 4228 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:29:00.0012 4228 sffp_sd - ok
15:29:00.0036 4228 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:29:00.0037 4228 sfloppy - ok
15:29:00.0075 4228 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:29:00.0080 4228 SharedAccess - ok
15:29:00.0134 4228 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:29:00.0140 4228 ShellHWDetection - ok
15:29:00.0171 4228 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:29:00.0173 4228 SiSRaid2 - ok
15:29:00.0185 4228 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:29:00.0187 4228 SiSRaid4 - ok
15:29:00.0233 4228 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:29:00.0235 4228 Smb - ok
15:29:00.0278 4228 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:29:00.0280 4228 SNMPTRAP - ok
15:29:00.0301 4228 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:29:00.0302 4228 spldr - ok
15:29:00.0348 4228 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:29:00.0356 4228 Spooler - ok
15:29:00.0467 4228 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:29:00.0510 4228 sppsvc - ok
15:29:00.0546 4228 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:29:00.0549 4228 sppuinotify - ok
15:29:00.0594 4228 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:29:00.0599 4228 srv - ok
15:29:00.0629 4228 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:29:00.0634 4228 srv2 - ok
15:29:00.0671 4228 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:29:00.0676 4228 SrvHsfHDA - ok
15:29:00.0716 4228 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:29:00.0733 4228 SrvHsfV92 - ok
15:29:00.0770 4228 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:29:00.0780 4228 SrvHsfWinac - ok
15:29:00.0846 4228 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:29:00.0849 4228 srvnet - ok
15:29:00.0896 4228 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:29:00.0900 4228 SSDPSRV - ok
15:29:00.0922 4228 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:29:00.0926 4228 SstpSvc - ok
15:29:01.0023 4228 [ 2185595C6663660FDC90F5A2A79E2155 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
15:29:01.0026 4228 STacSV - ok
15:29:01.0052 4228 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:29:01.0053 4228 stexstor - ok
15:29:01.0094 4228 [ 8D1CE4322A35F840711B87927CB57C05 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:29:01.0100 4228 STHDA - ok
15:29:01.0174 4228 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:29:01.0182 4228 stisvc - ok
15:29:01.0213 4228 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:29:01.0214 4228 swenum - ok
15:29:01.0270 4228 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:29:01.0277 4228 swprv - ok
15:29:01.0322 4228 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:29:01.0327 4228 SynTP - ok
15:29:01.0459 4228 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:29:01.0484 4228 SysMain - ok
15:29:01.0528 4228 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:01.0531 4228 TabletInputService - ok
15:29:01.0555 4228 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:29:01.0562 4228 TapiSrv - ok
15:29:01.0592 4228 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:29:01.0597 4228 TBS - ok
15:29:01.0681 4228 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:29:01.0702 4228 Tcpip - ok
15:29:01.0754 4228 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:29:01.0774 4228 TCPIP6 - ok
15:29:01.0828 4228 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:29:01.0833 4228 tcpipreg - ok
15:29:01.0882 4228 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:29:01.0883 4228 TDPIPE - ok
15:29:01.0919 4228 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:29:01.0921 4228 TDTCP - ok
15:29:02.0006 4228 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:29:02.0026 4228 tdx - ok
15:29:02.0085 4228 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:29:02.0087 4228 TermDD - ok
15:29:02.0137 4228 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:29:02.0147 4228 TermService - ok
15:29:02.0172 4228 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:29:02.0174 4228 Themes - ok
15:29:02.0204 4228 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:29:02.0206 4228 THREADORDER - ok
15:29:02.0224 4228 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:29:02.0227 4228 TrkWks - ok
15:29:02.0293 4228 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:02.0297 4228 TrustedInstaller - ok
15:29:02.0350 4228 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:02.0351 4228 tssecsrv - ok
15:29:02.0403 4228 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:29:02.0404 4228 TsUsbFlt - ok
15:29:02.0471 4228 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:29:02.0477 4228 tunnel - ok
15:29:02.0508 4228 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:29:02.0510 4228 uagp35 - ok
15:29:02.0562 4228 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:29:02.0566 4228 udfs - ok
15:29:02.0613 4228 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:29:02.0617 4228 UI0Detect - ok
15:29:02.0636 4228 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:29:02.0638 4228 uliagpkx - ok
15:29:02.0679 4228 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:29:02.0682 4228 umbus - ok
15:29:02.0701 4228 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:29:02.0702 4228 UmPass - ok
15:29:02.0734 4228 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:29:02.0740 4228 upnphost - ok
15:29:02.0759 4228 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:02.0761 4228 usbccgp - ok
15:29:02.0806 4228 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:29:02.0808 4228 usbcir - ok
15:29:02.0842 4228 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:29:02.0843 4228 usbehci - ok
15:29:02.0879 4228 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:29:02.0884 4228 usbhub - ok
15:29:02.0912 4228 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:29:02.0913 4228 usbohci - ok
15:29:02.0954 4228 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:29:02.0956 4228 usbprint - ok
15:29:02.0994 4228 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:29:02.0996 4228 usbscan - ok
15:29:03.0039 4228 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:03.0041 4228 USBSTOR - ok
15:29:03.0054 4228 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:29:03.0056 4228 usbuhci - ok
15:29:03.0100 4228 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:29:03.0103 4228 usbvideo - ok
15:29:03.0132 4228 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:29:03.0136 4228 UxSms - ok
15:29:03.0152 4228 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:29:03.0154 4228 VaultSvc - ok
15:29:03.0181 4228 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:29:03.0184 4228 vdrvroot - ok
15:29:03.0250 4228 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:29:03.0258 4228 vds - ok
15:29:03.0301 4228 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:03.0302 4228 vga - ok
15:29:03.0321 4228 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:29:03.0322 4228 VgaSave - ok
15:29:03.0369 4228 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:29:03.0372 4228 vhdmp - ok
15:29:03.0399 4228 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:29:03.0401 4228 viaide - ok
15:29:03.0435 4228 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:29:03.0436 4228 volmgr - ok
15:29:03.0516 4228 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:29:03.0535 4228 volmgrx - ok
15:29:03.0560 4228 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:29:03.0563 4228 volsnap - ok
15:29:03.0586 4228 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:29:03.0588 4228 vsmraid - ok
15:29:03.0667 4228 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:29:03.0686 4228 VSS - ok
15:29:03.0719 4228 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:29:03.0721 4228 vwifibus - ok
15:29:03.0749 4228 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:29:03.0750 4228 vwififlt - ok
15:29:03.0790 4228 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:29:03.0797 4228 W32Time - ok
15:29:03.0823 4228 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:29:03.0824 4228 WacomPen - ok
15:29:03.0899 4228 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:29:03.0905 4228 WANARP - ok
15:29:03.0924 4228 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:29:03.0925 4228 Wanarpv6 - ok
15:29:04.0011 4228 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:29:04.0031 4228 WatAdminSvc - ok
15:29:04.0106 4228 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:29:04.0127 4228 wbengine - ok
15:29:04.0167 4228 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:29:04.0172 4228 WbioSrvc - ok
15:29:04.0224 4228 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:29:04.0230 4228 wcncsvc - ok
15:29:04.0250 4228 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:04.0258 4228 WcsPlugInService - ok
15:29:04.0288 4228 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:29:04.0289 4228 Wd - ok
15:29:04.0314 4228 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:29:04.0323 4228 Wdf01000 - ok
15:29:04.0351 4228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:29:04.0355 4228 WdiServiceHost - ok
15:29:04.0367 4228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:29:04.0370 4228 WdiSystemHost - ok
15:29:04.0415 4228 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:29:04.0420 4228 WebClient - ok
15:29:04.0503 4228 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:29:04.0511 4228 Wecsvc - ok
15:29:04.0532 4228 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:29:04.0535 4228 wercplsupport - ok
15:29:04.0573 4228 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:29:04.0577 4228 WerSvc - ok
15:29:04.0614 4228 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:04.0615 4228 WfpLwf - ok
15:29:04.0642 4228 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:29:04.0644 4228 WIMMount - ok
15:29:04.0667 4228 WinDefend - ok
15:29:04.0685 4228 WinHttpAutoProxySvc - ok
15:29:04.0741 4228 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:29:04.0745 4228 Winmgmt - ok
15:29:04.0828 4228 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:29:04.0852 4228 WinRM - ok
15:29:04.0899 4228 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:29:04.0900 4228 WinUsb - ok
15:29:04.0951 4228 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:29:04.0963 4228 Wlansvc - ok
15:29:05.0017 4228 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:29:05.0019 4228 WmiAcpi - ok
15:29:05.0066 4228 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:29:05.0069 4228 wmiApSrv - ok
15:29:05.0102 4228 WMPNetworkSvc - ok
15:29:05.0133 4228 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:29:05.0136 4228 WPCSvc - ok
15:29:05.0179 4228 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:29:05.0183 4228 WPDBusEnum - ok
15:29:05.0212 4228 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:29:05.0213 4228 ws2ifsl - ok
15:29:05.0234 4228 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:29:05.0237 4228 wscsvc - ok
15:29:05.0250 4228 WSearch - ok
15:29:05.0334 4228 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:29:05.0363 4228 wuauserv - ok
15:29:05.0413 4228 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:29:05.0415 4228 WudfPf - ok
15:29:05.0464 4228 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:05.0467 4228 WUDFRd - ok
15:29:05.0530 4228 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:29:05.0533 4228 wudfsvc - ok
15:29:05.0573 4228 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:29:05.0578 4228 WwanSvc - ok
15:29:05.0624 4228 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:29:05.0629 4228 yukonw7 - ok
15:29:05.0660 4228 ================ Scan global ===============================
15:29:05.0681 4228 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:29:05.0730 4228 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:29:05.0742 4228 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:29:05.0773 4228 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:29:05.0800 4228 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:29:05.0805 4228 [Global] - ok
15:29:05.0811 4228 ================ Scan MBR ==================================
15:29:05.0822 4228 [ AF00FC1920E1CF861B39B90A4375EDF3 ] \Device\Harddisk0\DR0
15:29:05.0989 4228 \Device\Harddisk0\DR0 - ok
15:29:05.0992 4228 ================ Scan VBR ==================================
15:29:05.0996 4228 [ EA23AC729F0DE48E0D711DF4A5070AA9 ] \Device\Harddisk0\DR0\Partition1
15:29:05.0998 4228 \Device\Harddisk0\DR0\Partition1 - ok
15:29:06.0013 4228 [ 0D516DEAA7373654F8BEF355E815E107 ] \Device\Harddisk0\DR0\Partition2
15:29:06.0014 4228 \Device\Harddisk0\DR0\Partition2 - ok
15:29:06.0045 4228 [ 29B437E4B20BE665BCBC9E61D12436C7 ] \Device\Harddisk0\DR0\Partition3
15:29:06.0046 4228 \Device\Harddisk0\DR0\Partition3 - ok
15:29:06.0050 4228 ============================================================
15:29:06.0050 4228 Scan finished
15:29:06.0050 4228 ============================================================
15:29:06.0066 3136 Detected object count: 0
15:29:06.0066 3136 Actual detected object count: 0
15:29:21.0714 4760 ============================================================
15:29:21.0714 4760 Scan started
15:29:21.0714 4760 Mode: Manual;
15:29:21.0714 4760 ============================================================
15:29:21.0890 4760 ================ Scan system memory ========================
15:29:21.0890 4760 System memory - ok
15:29:21.0893 4760 ================ Scan services =============================
15:29:22.0040 4760 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:29:22.0043 4760 1394ohci - ok
15:29:22.0077 4760 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:29:22.0081 4760 ACPI - ok
15:29:22.0101 4760 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:29:22.0102 4760 AcpiPmi - ok
15:29:22.0181 4760 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:29:22.0184 4760 AdobeFlashPlayerUpdateSvc - ok
15:29:22.0224 4760 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:29:22.0230 4760 adp94xx - ok
15:29:22.0257 4760 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:29:22.0260 4760 adpahci - ok
15:29:22.0272 4760 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:29:22.0275 4760 adpu320 - ok
15:29:22.0303 4760 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:29:22.0305 4760 AeLookupSvc - ok
15:29:22.0386 4760 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
15:29:22.0388 4760 AESTFilters - ok
15:29:22.0435 4760 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:29:22.0441 4760 AFD - ok
15:29:22.0484 4760 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
15:29:22.0492 4760 AgereSoftModem - ok
15:29:22.0522 4760 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:29:22.0524 4760 agp440 - ok
15:29:22.0558 4760 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:29:22.0560 4760 ALG - ok
15:29:22.0578 4760 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:29:22.0579 4760 aliide - ok
15:29:22.0593 4760 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:29:22.0594 4760 amdide - ok
15:29:22.0627 4760 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:29:22.0629 4760 AmdK8 - ok
15:29:22.0640 4760 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:29:22.0642 4760 AmdPPM - ok
15:29:22.0663 4760 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:29:22.0664 4760 amdsata - ok
15:29:22.0688 4760 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:29:22.0691 4760 amdsbs - ok
15:29:22.0707 4760 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:29:22.0708 4760 amdxata - ok
15:29:22.0755 4760 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:29:22.0758 4760 AppID - ok
15:29:22.0782 4760 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:29:22.0783 4760 AppIDSvc - ok
15:29:22.0822 4760 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:29:22.0824 4760 Appinfo - ok
15:29:22.0840 4760 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:29:22.0842 4760 arc - ok
15:29:22.0853 4760 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:29:22.0855 4760 arcsas - ok
15:29:22.0874 4760 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:29:22.0876 4760 AsyncMac - ok
15:29:22.0909 4760 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:29:22.0910 4760 atapi - ok
15:29:22.0969 4760 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:29:22.0978 4760 athr - ok
15:29:23.0030 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:29:23.0038 4760 AudioEndpointBuilder - ok
15:29:23.0053 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:29:23.0058 4760 AudioSrv - ok
15:29:23.0096 4760 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:29:23.0098 4760 AxInstSV - ok
15:29:23.0138 4760 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:29:23.0141 4760 b06bdrv - ok
15:29:23.0161 4760 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:29:23.0163 4760 b57nd60a - ok
15:29:23.0248 4760 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:29:23.0250 4760 BBSvc - ok
15:29:23.0293 4760 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:29:23.0295 4760 BBUpdate - ok
15:29:23.0327 4760 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:29:23.0329 4760 BDESVC - ok
15:29:23.0351 4760 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:29:23.0352 4760 Beep - ok
15:29:23.0411 4760 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:29:23.0419 4760 BFE - ok
15:29:23.0479 4760 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:29:23.0489 4760 BITS - ok
15:29:23.0519 4760 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:29:23.0520 4760 blbdrive - ok
15:29:23.0547 4760 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:29:23.0548 4760 bowser - ok
15:29:23.0572 4760 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:29:23.0573 4760 BrFiltLo - ok
15:29:23.0584 4760 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:29:23.0585 4760 BrFiltUp - ok
15:29:23.0597 4760 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:29:23.0598 4760 BridgeMP - ok
15:29:23.0628 4760 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:29:23.0631 4760 Browser - ok
15:29:23.0657 4760 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:29:23.0660 4760 Brserid - ok
15:29:23.0682 4760 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:29:23.0683 4760 BrSerWdm - ok
15:29:23.0693 4760 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:29:23.0694 4760 BrUsbMdm - ok
15:29:23.0706 4760 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:29:23.0707 4760 BrUsbSer - ok
15:29:23.0719 4760 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:29:23.0720 4760 BTHMODEM - ok
15:29:23.0757 4760 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:29:23.0759 4760 bthserv - ok
15:29:23.0785 4760 catchme - ok
15:29:23.0804 4760 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:29:23.0806 4760 cdfs - ok
15:29:23.0839 4760 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:29:23.0841 4760 cdrom - ok
15:29:23.0887 4760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:29:23.0889 4760 CertPropSvc - ok
15:29:23.0918 4760 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:29:23.0918 4760 circlass - ok
15:29:23.0955 4760 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:29:23.0960 4760 CLFS - ok
15:29:24.0032 4760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:24.0033 4760 clr_optimization_v2.0.50727_32 - ok
15:29:24.0081 4760 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:29:24.0082 4760 clr_optimization_v2.0.50727_64 - ok
15:29:24.0136 4760 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:29:24.0138 4760 clr_optimization_v4.0.30319_32 - ok
15:29:24.0162 4760 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:29:24.0166 4760 clr_optimization_v4.0.30319_64 - ok
15:29:24.0197 4760 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:29:24.0198 4760 CmBatt - ok
15:29:24.0213 4760 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:29:24.0214 4760 cmdide - ok
15:29:24.0251 4760 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:29:24.0268 4760 CNG - ok
15:29:24.0333 4760 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:29:24.0336 4760 Com4QLBEx - ok
15:29:24.0352 4760 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:29:24.0353 4760 Compbatt - ok
15:29:24.0386 4760 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:29:24.0387 4760 CompositeBus - ok
15:29:24.0399 4760 COMSysApp - ok
15:29:24.0415 4760 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:29:24.0416 4760 crcdisk - ok
15:29:24.0471 4760 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:29:24.0473 4760 CryptSvc - ok
15:29:24.0545 4760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:29:24.0551 4760 DcomLaunch - ok
15:29:24.0589 4760 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:29:24.0593 4760 defragsvc - ok
15:29:24.0638 4760 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:29:24.0640 4760 DfsC - ok
15:29:24.0694 4760 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:29:24.0699 4760 Dhcp - ok
15:29:24.0725 4760 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:29:24.0726 4760 discache - ok
15:29:24.0744 4760 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:29:24.0745 4760 Disk - ok
15:29:24.0788 4760 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:29:24.0791 4760 Dnscache - ok
15:29:24.0838 4760 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:29:24.0842 4760 dot3svc - ok
15:29:24.0880 4760 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
15:29:24.0883 4760 Dot4 - ok
15:29:24.0908 4760 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
15:29:24.0909 4760 Dot4Print - ok
15:29:24.0945 4760 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
15:29:24.0946 4760 dot4usb - ok
15:29:24.0992 4760 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:29:24.0995 4760 DPS - ok
15:29:25.0015 4760 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:29:25.0017 4760 drmkaud - ok
15:29:25.0075 4760 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:29:25.0086 4760 DXGKrnl - ok
15:29:25.0117 4760 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:29:25.0119 4760 EapHost - ok
15:29:25.0199 4760 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:29:25.0219 4760 ebdrv - ok
15:29:25.0245 4760 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:29:25.0247 4760 EFS - ok
15:29:25.0323 4760 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:29:25.0331 4760 ehRecvr - ok
15:29:25.0364 4760 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:29:25.0366 4760 ehSched - ok
15:29:25.0403 4760 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:29:25.0407 4760 elxstor - ok
15:29:25.0439 4760 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:29:25.0439 4760 ErrDev - ok
15:29:25.0491 4760 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:29:25.0496 4760 EventSystem - ok
15:29:25.0520 4760 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:29:25.0522 4760 exfat - ok
15:29:25.0533 4760 ezSharedSvc - ok
15:29:25.0552 4760 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:29:25.0555 4760 fastfat - ok
15:29:25.0609 4760 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:29:25.0617 4760 Fax - ok
15:29:25.0628 4760 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:29:25.0629 4760 fdc - ok
15:29:25.0653 4760 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:29:25.0654 4760 fdPHost - ok
15:29:25.0675 4760 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:29:25.0676 4760 FDResPub - ok
15:29:25.0701 4760 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:29:25.0703 4760 FileInfo - ok
15:29:25.0718 4760 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:29:25.0720 4760 Filetrace - ok
15:29:25.0736 4760 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:29:25.0737 4760 flpydisk - ok
15:29:25.0785 4760 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:29:25.0789 4760 FltMgr - ok
15:29:25.0848 4760 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:29:25.0861 4760 FontCache - ok
15:29:25.0916 4760 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:29:25.0918 4760 FontCache3.0.0.0 - ok
15:29:25.0946 4760 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:29:25.0948 4760 FsDepends - ok
15:29:25.0979 4760 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:29:25.0980 4760 Fs_Rec - ok
15:29:26.0026 4760 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:29:26.0029 4760 fvevol - ok
15:29:26.0051 4760 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:29:26.0052 4760 gagp30kx - ok
15:29:26.0108 4760 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:29:26.0112 4760 GameConsoleService - ok
15:29:26.0151 4760 [ 3EC75EA47770674767EC486393B411DC ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\830\g2aservice.exe
15:29:26.0151 4760 GoToAssist - ok
15:29:26.0208 4760 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:29:26.0213 4760 gpsvc - ok
15:29:26.0245 4760 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:29:26.0246 4760 hcw85cir - ok
15:29:26.0289 4760 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:29:26.0293 4760 HdAudAddService - ok
15:29:26.0322 4760 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:29:26.0324 4760 HDAudBus - ok
15:29:26.0334 4760 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:29:26.0335 4760 HidBatt - ok
15:29:26.0361 4760 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:29:26.0362 4760 HidBth - ok
15:29:26.0389 4760 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:29:26.0390 4760 HidIr - ok
15:29:26.0414 4760 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:29:26.0416 4760 hidserv - ok
15:29:26.0427 4760 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:29:26.0429 4760 HidUsb - ok
15:29:26.0477 4760 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:29:26.0479 4760 hkmsvc - ok
15:29:26.0523 4760 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:29:26.0534 4760 HomeGroupListener - ok
15:29:26.0585 4760 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:29:26.0589 4760 HomeGroupProvider - ok
15:29:26.0669 4760 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:29:26.0671 4760 hpqcxs08 - ok
15:29:26.0702 4760 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:29:26.0703 4760 HpqKbFiltr - ok
15:29:26.0734 4760 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:29:26.0736 4760 hpqwmiex - ok
15:29:26.0765 4760 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:29:26.0766 4760 HpSAMD - ok
15:29:26.0831 4760 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:29:26.0840 4760 HTTP - ok
15:29:26.0886 4760 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:29:26.0887 4760 hwpolicy - ok
15:29:26.0919 4760 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:29:26.0921 4760 i8042prt - ok
15:29:26.0955 4760 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:29:26.0959 4760 iaStorV - ok
15:29:27.0023 4760 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:29:27.0029 4760 idsvc - ok
15:29:27.0212 4760 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:29:27.0262 4760 igfx - ok
15:29:27.0298 4760 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:29:27.0299 4760 iirsp - ok
15:29:27.0365 4760 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:29:27.0375 4760 IKEEXT - ok
15:29:27.0412 4760 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
15:29:27.0413 4760 IntcHdmiAddService - ok
15:29:27.0456 4760 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:29:27.0457 4760 intelide - ok
15:29:27.0478 4760 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:29:27.0479 4760 intelppm - ok
15:29:27.0514 4760 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:29:27.0517 4760 IPBusEnum - ok
15:29:27.0566 4760 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:29:27.0568 4760 IpFilterDriver - ok
15:29:27.0619 4760 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:29:27.0624 4760 iphlpsvc - ok
15:29:27.0651 4760 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:29:27.0652 4760 IPMIDRV - ok
15:29:27.0677 4760 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:29:27.0679 4760 IPNAT - ok
15:29:27.0699 4760 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:29:27.0700 4760 IRENUM - ok
15:29:27.0727 4760 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:29:27.0728 4760 isapnp - ok
15:29:27.0754 4760 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:29:27.0758 4760 iScsiPrt - ok
15:29:27.0779 4760 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:29:27.0780 4760 kbdclass - ok
15:29:27.0796 4760 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:29:27.0798 4760 kbdhid - ok
15:29:27.0820 4760 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:29:27.0821 4760 KeyIso - ok
15:29:27.0858 4760 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:29:27.0859 4760 KSecDD - ok
15:29:27.0880 4760 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:29:27.0883 4760 KSecPkg - ok
15:29:27.0910 4760 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:29:27.0911 4760 ksthunk - ok
15:29:27.0953 4760 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:29:27.0959 4760 KtmRm - ok
15:29:28.0013 4760 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:29:28.0017 4760 LanmanServer - ok
15:29:28.0061 4760 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:29:28.0064 4760 LanmanWorkstation - ok
15:29:28.0084 4760 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:29:28.0085 4760 lltdio - ok
15:29:28.0132 4760 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:29:28.0138 4760 lltdsvc - ok
15:29:28.0163 4760 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:29:28.0165 4760 lmhosts - ok
15:29:28.0182 4760 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:29:28.0184 4760 LSI_FC - ok
15:29:28.0196 4760 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:29:28.0197 4760 LSI_SAS - ok
15:29:28.0208 4760 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:29:28.0210 4760 LSI_SAS2 - ok
15:29:28.0222 4760 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:29:28.0223 4760 LSI_SCSI - ok
15:29:28.0236 4760 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:29:28.0238 4760 luafv - ok
15:29:28.0283 4760 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
15:29:28.0285 4760 mcdbus - ok
15:29:28.0330 4760 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:29:28.0332 4760 Mcx2Svc - ok
15:29:28.0357 4760 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:29:28.0358 4760 megasas - ok
15:29:28.0381 4760 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:29:28.0383 4760 MegaSR - ok
15:29:28.0406 4760 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:29:28.0408 4760 MMCSS - ok
15:29:28.0427 4760 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:29:28.0428 4760 Modem - ok
15:29:28.0440 4760 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:29:28.0442 4760 monitor - ok
15:29:28.0467 4760 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:29:28.0469 4760 mouclass - ok
15:29:28.0482 4760 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:29:28.0483 4760 mouhid - ok
15:29:28.0532 4760 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:29:28.0534 4760 mountmgr - ok
15:29:28.0569 4760 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:29:28.0571 4760 MpFilter - ok
15:29:28.0592 4760 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:29:28.0595 4760 mpio - ok
15:29:28.0620 4760 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:29:28.0622 4760 mpsdrv - ok
15:29:28.0678 4760 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:29:28.0685 4760 MpsSvc - ok
15:29:28.0732 4760 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:29:28.0734 4760 MRxDAV - ok
15:29:28.0772 4760 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:29:28.0774 4760 mrxsmb - ok
15:29:28.0798 4760 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:29:28.0802 4760 mrxsmb10 - ok
15:29:28.0824 4760 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:29:28.0825 4760 mrxsmb20 - ok
15:29:28.0858 4760 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:29:28.0860 4760 msahci - ok
15:29:28.0890 4760 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:29:28.0892 4760 msdsm - ok
15:29:28.0916 4760 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:29:28.0918 4760 MSDTC - ok
15:29:28.0966 4760 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:29:28.0967 4760 Msfs - ok
15:29:28.0982 4760 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:29:28.0983 4760 mshidkmdf - ok
15:29:29.0013 4760 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:29:29.0014 4760 msisadrv - ok
15:29:29.0043 4760 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:29:29.0047 4760 MSiSCSI - ok
15:29:29.0058 4760 msiserver - ok
15:29:29.0086 4760 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:29:29.0087 4760 MSKSSRV - ok
15:29:29.0150 4760 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:29:29.0151 4760 MsMpSvc - ok
15:29:29.0161 4760 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:29:29.0162 4760 MSPCLOCK - ok
15:29:29.0174 4760 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:29:29.0175 4760 MSPQM - ok
15:29:29.0225 4760 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:29:29.0230 4760 MsRPC - ok
15:29:29.0272 4760 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:29:29.0273 4760 mssmbios - ok
15:29:29.0306 4760 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:29:29.0307 4760 MSTEE - ok
15:29:29.0320 4760 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:29:29.0320 4760 MTConfig - ok
15:29:29.0344 4760 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:29:29.0346 4760 Mup - ok
15:29:29.0412 4760 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:29:29.0417 4760 napagent - ok
15:29:29.0439 4760 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:29:29.0443 4760 NativeWifiP - ok
15:29:29.0499 4760 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:29:29.0510 4760 NDIS - ok
15:29:29.0532 4760 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:29:29.0535 4760 NdisCap - ok
15:29:29.0557 4760 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:29:29.0558 4760 NdisTapi - ok
15:29:29.0601 4760 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:29:29.0603 4760 Ndisuio - ok
15:29:29.0652 4760 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:29:29.0655 4760 NdisWan - ok
15:29:29.0693 4760 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:29:29.0695 4760 NDProxy - ok
15:29:29.0725 4760 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:29:29.0727 4760 NetBIOS - ok
15:29:29.0769 4760 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:29:29.0772 4760 NetBT - ok
15:29:29.0795 4760 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:29:29.0796 4760 Netlogon - ok
15:29:29.0831 4760 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:29:29.0836 4760 Netman - ok
15:29:29.0860 4760 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:29:29.0864 4760 netprofm - ok
15:29:29.0903 4760 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:29:29.0905 4760 NetTcpPortSharing - ok
15:29:30.0079 4760 [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys
15:29:30.0125 4760 NETw1v64 - ok
15:29:30.0308 4760 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
15:29:39.0376 4760 ============================================================
15:29:39.0376 4760 Scan finished
15:29:39.0376 4760 ============================================================
15:29:39.0390 3768 Detected object count: 0
15:29:39.0390 3768 Actual detected object count: 0

----------------------------------------------------------------------------------------------------------------------------------------------------------------
aswMBR Log Report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 02:05:01
-----------------------------
02:05:01.186 OS Version: Windows x64 6.1.7600
02:05:01.186 Number of processors: 1 586 0x170A
02:05:01.186 ComputerName: THIND-PC UserName: Thind
02:05:04.486 Initialize success
02:05:56.700 AVAST engine defs: 12062900
02:06:34.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:06:34.136 Disk 0 Vendor: Hitachi_HTS725016A9A364 PCBOC72E Size: 152627MB BusType: 11
02:06:34.154 Disk 0 MBR read successfully
02:06:34.157 Disk 0 MBR scan
02:06:34.165 Disk 0 unknown MBR code
02:06:34.173 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
02:06:34.187 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 139655 MB offset 409600
02:06:34.219 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12771 MB offset 286423040
02:06:34.267 Disk 0 scanning C:\Windows\system32\drivers
02:06:50.989 Service scanning
02:07:22.341 Modules scanning
02:07:22.341 Disk 0 trace - called modules:
02:07:22.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:07:22.887 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002748510]
02:07:22.887 3 CLASSPNP.SYS[fffff880010e243f] -> nt!IofCallDriver -> [0xfffffa800264b4e0]
02:07:22.887 5 ACPI.sys[fffff88000f87781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800261f680]
02:07:23.745 AVAST engine scan C:\Windows
02:07:25.937 AVAST engine scan C:\Windows\system32
02:12:32.142 AVAST engine scan C:\Windows\system32\drivers
02:13:01.499 AVAST engine scan C:\Users\Thind
02:18:20.372 AVAST engine scan C:\ProgramData
02:18:41.384 Disk 0 MBR has been saved successfully to "C:\Users\Thind\Documents\MBR.dat"
02:18:41.649 The log file has been saved successfully to "C:\Users\Thind\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-07 15:18:01
-----------------------------
15:18:01.095 OS Version: Windows x64 6.1.7600
15:18:01.095 Number of processors: 1 586 0x170A
15:18:01.095 ComputerName: THIND-PC UserName: Thind
15:18:02.295 Initialize success
15:18:37.666 AVAST engine defs: 12070700
15:19:02.844 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:19:02.846 Disk 0 Vendor: Hitachi_HTS725016A9A364 PCBOC72E Size: 152627MB BusType: 11
15:19:02.859 Disk 0 MBR read successfully
15:19:02.861 Disk 0 MBR scan
15:19:02.870 Disk 0 unknown MBR code
15:19:02.877 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:19:02.891 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 139655 MB offset 409600
15:19:02.922 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12771 MB offset 286423040
15:19:02.972 Disk 0 scanning C:\Windows\system32\drivers
15:19:17.958 Service scanning
15:19:58.176 Modules scanning
15:19:58.177 Disk 0 trace - called modules:
15:19:58.194 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:19:58.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800273f060]
15:19:58.197 3 CLASSPNP.SYS[fffff8800107c43f] -> nt!IofCallDriver -> [0xfffffa80026344e0]
15:19:58.197 5 ACPI.sys[fffff88000f08781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80022f1680]
15:19:59.773 AVAST engine scan C:\Windows
15:20:09.339 AVAST engine scan C:\Windows\system32
15:25:07.360 AVAST engine scan C:\Windows\system32\drivers
15:25:36.490 AVAST engine scan C:\Users\Thind
15:33:50.879 AVAST engine scan C:\ProgramData
15:38:46.906 Scan finished successfully
16:28:20.251 Verifying
16:28:30.333 Disk 0 Windows 601 MBR fixed successfully
16:28:49.252 Disk 0 MBR has been saved successfully to "C:\Users\Thind\Documents\MBR.dat"
16:28:49.307 The log file has been saved successfully to "C:\Users\Thind\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-12 14:35:46
-----------------------------
14:35:46.111 OS Version: Windows x64 6.1.7601 Service Pack 1
14:35:46.111 Number of processors: 1 586 0x170A
14:35:46.111 ComputerName: THIND-PC UserName: Thind
14:35:46.688 Initialize success
14:36:51.770 AVAST engine defs: 12101200
14:38:52.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:38:52.806 Disk 0 Vendor: Hitachi_HTS725016A9A364 PCBOC72E Size: 152627MB BusType: 11
14:38:52.821 Disk 0 MBR read successfully
14:38:52.837 Disk 0 MBR scan
14:38:52.899 Disk 0 Windows 7 default MBR code
14:38:52.899 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:38:52.946 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 139655 MB offset 409600
14:38:52.993 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12771 MB offset 286423040
14:38:53.102 Disk 0 scanning C:\Windows\system32\drivers
14:39:08.297 Service scanning
14:39:45.815 Modules scanning
14:39:45.815 Disk 0 trace - called modules:
14:39:45.846 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:39:46.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002747060]
14:39:46.361 3 CLASSPNP.SYS[fffff8800115143f] -> nt!IofCallDriver -> [0xfffffa8002228520]
14:39:46.361 5 ACPI.sys[fffff88000ed17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80022161f0]
14:39:46.844 AVAST engine scan C:\Windows
14:39:50.245 AVAST engine scan C:\Windows\system32
14:44:42.728 AVAST engine scan C:\Windows\system32\drivers
14:45:04.387 AVAST engine scan C:\Users\Thind
14:48:53.329 AVAST engine scan C:\ProgramData
14:50:37.126 Scan finished successfully
15:00:32.190 Disk 0 MBR has been saved successfully to "C:\Users\Thind\Documents\MBR.dat"
15:00:32.501 The log file has been saved successfully to "C:\Users\Thind\Documents\aswMBR.txt"

#6 Oh My!

  • Malware Response Instructor

Posted 12 October 2012 - 10:13 AM

Greetings LauraSmith,

Those logs look good. Please run the following program.


===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • OTL.txt
  • Extra.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 LauraSmith

Posted 12 October 2012 - 11:24 AM

Hi,
Here are the reports.....

OTL.txt Log Report

OTL logfile created on: 10/12/2012 5:09:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thind\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.88% Memory free
3.87 Gb Paging File | 2.03 Gb Available in Paging File | 52.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.38 Gb Total Space | 39.03 Gb Free Space | 28.62% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 2.09 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
Drive F: | 680.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THIND-PC | User Name: Thind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/12 17:08:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thind\Downloads\OTL.exe
PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/03/02 16:22:46 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


========== Modules (No Company Name) ==========

MOD - [2012/10/10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 11:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 11:04:57 | 000,578,072 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 11:04:55 | 000,123,928 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/07/17 13:53:16 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/13 21:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)
SRV - [2012/10/09 16:02:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 14:36:04 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\830\g2aservice.exe -- (GoToAssist)
SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/13 21:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/22 21:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/08/27 17:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/13 21:09:38 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/21 00:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009/07/15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 15:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 17:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2012/10/04 15:49:47 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/07/29 20:52:40 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/07/29 20:52:38 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2009/09/02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}
IE:64bit: - HKLM\..\SearchScopes\{103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}
IE - HKLM\..\SearchScopes\{103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\..\SearchScopes,DefaultScope = {103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}
IE - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\..\SearchScopes\{103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thind\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thind\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/25 18:21:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/25 18:21:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thind\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Thind\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: Turn Off the Lights = C:\Users\Thind\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
CHR - Extension: YouTube = C:\Users\Thind\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Thind\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Thind\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Gmail = C:\Users\Thind\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/11 15:33:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BE4EE6A-A243-4579-8CB0-6CEB07392C22}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAF611A6-2D70-4A37-BC72-55881A98CA94}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\830\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\830\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/06 05:20:26 | 000,000,027 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 12:16:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/11 17:16:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/11 17:15:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/10/11 15:42:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/11 15:05:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/11 15:05:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/11 15:05:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/11 15:03:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/11 15:03:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/10 21:18:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 21:18:48 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 21:18:47 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 21:18:18 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 21:18:18 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 21:18:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 21:18:18 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 21:18:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 21:18:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 21:18:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 21:18:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 21:18:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 21:18:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 21:18:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 21:18:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 21:18:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 21:18:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 21:18:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 21:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 21:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 21:18:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 21:18:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 21:18:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 21:18:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 21:18:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 21:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 21:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 21:18:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 21:18:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 21:18:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 21:18:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 21:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 21:18:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 21:18:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 21:18:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 21:17:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 21:17:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 21:17:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 21:17:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 21:17:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 21:17:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 21:17:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 21:17:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 21:17:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 21:17:24 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 21:16:25 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 21:16:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/09/26 11:15:38 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/23 11:30:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 11:30:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 11:30:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 11:30:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 11:30:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 11:30:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 11:30:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 11:30:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 11:30:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 11:30:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 11:30:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 11:30:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 11:30:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 11:30:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 11:30:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 17:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 16:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 16:41:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560224713-1747127086-1684988848-1001UA.job
[2012/10/12 15:41:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560224713-1747127086-1684988848-1001Core.job
[2012/10/12 15:00:32 | 000,000,512 | ---- | M] () -- C:\Users\Thind\Documents\MBR.dat
[2012/10/12 12:16:46 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/10/12 12:03:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 12:03:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 12:00:37 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/12 12:00:37 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/12 12:00:37 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/12 11:56:01 | 1556,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/11 15:33:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/11 15:01:41 | 000,007,608 | ---- | M] () -- C:\Users\Thind\AppData\Local\Resmon.ResmonCfg
[2012/10/10 22:22:56 | 000,166,560 | ---- | M] () -- C:\Users\Thind\Documents\cc_20121010_221955.reg
[2012/10/09 16:02:57 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 16:02:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/01 00:52:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 15:05:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/11 15:05:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/11 15:05:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/11 15:05:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/11 15:05:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/10 22:20:02 | 000,166,560 | ---- | C] () -- C:\Users\Thind\Documents\cc_20121010_221955.reg
[2012/08/29 16:18:37 | 000,826,444 | ---- | C] () -- C:\Users\Thind\AppData\Local\census.cache
[2012/08/29 16:18:00 | 000,117,538 | ---- | C] () -- C:\Users\Thind\AppData\Local\ars.cache
[2012/08/29 03:47:08 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 23:27:12 | 000,007,608 | ---- | C] () -- C:\Users\Thind\AppData\Local\Resmon.ResmonCfg
[2012/07/03 12:58:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/06/25 20:06:36 | 000,000,036 | ---- | C] () -- C:\Users\Thind\AppData\Local\housecall.guid.cache
[2012/06/25 18:13:01 | 000,202,739 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/06/25 18:13:01 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------------------------------

Extra.txt Log Report:

OTL Extras logfile created on: 10/12/2012 5:09:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thind\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.88% Memory free
3.87 Gb Paging File | 2.03 Gb Available in Paging File | 52.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.38 Gb Total Space | 39.03 Gb Free Space | 28.62% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 2.09 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
Drive F: | 680.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THIND-PC | User Name: Thind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
wshfile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
jsefile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
wshfile [open] -- C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1955EC9B-F494-42F7-98B8-FB5D7A29E132}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2835697E-A76B-41FC-B120-277133BFB860}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B7CCBDE-B8CB-4B9A-9A22-B3D61F019970}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31364926-43AC-4F35-AED6-6BF9DB46014B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EACFE9C-8C27-45B3-A6EB-FC3A023BC3C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{458CB187-9F9C-4704-BB90-FBDBCD1985C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{48003548-CCF2-4A81-986A-8F86DDD83558}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5543345D-AF89-4A55-9FF0-A2BE591F1534}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57126E93-75B2-4A65-B41F-863651DFF241}" = rport=445 | protocol=6 | dir=out | app=system |
"{5A470AC7-0C64-4BD4-94EC-B6369F9C7E90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6497375D-6B25-4966-B80A-A64710DE9885}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6824491B-F4AC-4E61-88E3-AC8D778D9546}" = rport=138 | protocol=17 | dir=out | app=system |
"{7109D035-EBB9-44D9-829F-9BE328DE125A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{794D4285-F722-4C71-963D-2B5C87D204CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{88D07B31-1E67-4248-BF36-942591810651}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F664A07-89CF-497B-BCD9-E168951C6E4E}" = rport=139 | protocol=6 | dir=out | app=system |
"{A47820A0-8CFD-403D-9F88-98483CC77955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADD50DFA-0ED8-4CCA-B53B-91148CA66EEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35BB13F-F99F-4927-88E6-8AAFF635B893}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9C48543-A6D1-4CCA-AAFB-819DC3FDE075}" = lport=138 | protocol=17 | dir=in | app=system |
"{DAD539A7-CB7A-4293-A1B2-9A3E16531624}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8E977B3-3822-4E02-AA1F-2ABE611789AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED1F63DE-1C15-4E60-8800-D4E0CAAA4FAA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDC81186-3F40-4504-96C4-7C079600F165}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F060CD61-1B16-4F8D-8904-52F45A56D309}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01280555-2CD8-4861-AF91-8CEAE7C254F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{05C6D027-F09E-48F9-87C1-F9663D934FD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{082DEE1B-9AB2-4A5F-8052-D6B96FC74659}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0FE456F7-3EFA-4C9C-8A10-8849D64A826E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{1C958BDB-931C-4102-8621-30F17450DD85}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{1D717118-8A21-49F3-80A5-9FC8BEC3B6C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{29908A33-76E1-463A-9451-DD274117D6DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{32B28A2A-80F8-412B-82D0-0F03450916C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{371D7935-B6E0-4D1B-8176-098FDD1B2781}" = protocol=6 | dir=out | app=system |
"{382DCFC8-5A63-4BE2-A4EA-395F9083F585}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3855CD0C-C678-41B7-9BC0-1A69F4265A9D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{397CB11E-1E3E-4040-BF7D-4E24E615C3E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3ED5E012-D83D-49C2-973B-AEC5EAECF625}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4208852D-EDDF-4F7E-B38B-7CC9CE573D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43CAF55A-DCC0-4EBE-8F06-A6356B2CADB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4467C512-28FC-4BAA-9500-7916971F15F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AEC3D71-C6BF-4581-AB03-35DDFCDB09C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5963F267-EFFB-459E-B3BB-0F0E4C9466D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{5F85A760-240B-4B10-BBBF-C584C550C017}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{66E6609E-D9C4-4614-821B-D2C771D4E78E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{7A7A006A-1A0A-49B1-B846-3D2E57354BC1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{86BB1EA6-6363-4C1C-A243-51F8BADC0FEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{892045C9-8FE1-4796-A591-83A289AC175B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DC4BA7B-7404-45CB-B1A1-3486F44BF04F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{996840A4-BB06-443B-9B14-4554F1D6ABB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C109076-FD79-4935-9195-59AE9936679B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9DCB6E98-B0D8-4056-A255-622442BB2FB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9E630D6F-F663-4946-9141-6B827BB4D6CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{9E9D5F49-029B-473D-8F18-1E91D92D47B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A0B9D4D3-C5EF-41AD-B4BC-E5234FB41417}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5115DC1-1305-4763-B2B5-494746A81D70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A680F0B6-A56C-437F-8D79-33BD92BA0086}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B24A9982-9099-4A28-94F3-4B02F47999D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BB454B55-9066-4B72-AA08-0F17C4C92206}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{BDD9404B-4244-424B-AEBD-F4F3E8AE0363}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C3DA3518-9C42-42DF-8D27-41081336DEDD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C423C06F-EF35-4208-B33B-4716E9BD0854}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{C798EBAE-057E-4F8E-BD0D-1A7625E33497}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8320CB4-C299-4FDC-A4FE-881F6ABB48EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CD566008-3202-49DB-942C-8D65282AF8EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{D3AB609E-AB39-4DC2-8835-19EE31B06943}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{DB44E307-1724-4622-A8F2-5798E265B318}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E94FB4E2-A68B-45B1-9CBA-892C1C2ABC9C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{EABE5004-6D45-4E3A-BB27-4CF816F0D901}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EE2D3252-999F-4915-96A4-C7600920D01E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F10A188E-2E64-4089-B191-8179D84511C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{F1BFC091-4F90-4A19-9FEC-A11874679803}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{F6F01A2D-B53E-4DD3-A12E-435B00C44DAB}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F9F4D81D-1A5D-44D0-A938-2FC78F91A7F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FAE30ADB-C175-4D12-9B58-7A5A66BD47C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{FC9B0C6F-A66D-46D7-B4CA-2221ED32B01F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{FE3A1C77-A934-444E-BDE9-4E4291C28B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{FA3440E5-30DE-440B-B730-832755C3B2EB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{DDD0CDB6-0A17-4F11-AE24-22E09DB25F12}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EasyBits Magic Desktop" = Magic Desktop
"Football Manager 2012_is1" = Football Manager 2012
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mickey Mouse Worldof Illusion_is1" = Mickey Mouse Worldof Illusion 1.0
"Rapport_msi" = Rapport
"Revengeof Shinobi The_is1" = Revengeof Shinobi The 1.0
"SopCast" = SopCast 3.5.0
"Soul Reaver 2" = Soul Reaver 2
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Unreal Tournament 2004_is1" = Unreal Tournament 2004
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3560224713-1747127086-1684988848-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2012 10:00:25 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:00:25 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:00:25 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:00:39 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:00:39 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:00:40 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:00:40 AM | Computer Name = Thind-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/2/2012 10:38:44 AM | Computer Name = Thind-PC | Source = ESENT | ID = 215
Description = WinMail (2636) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 9/15/2012 10:27:46 AM | Computer Name = Thind-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/15/2012 10:32:33 AM | Computer Name = Thind-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 9/26/2012 4:20:19 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/27/2012 3:27:15 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/29/2012 3:36:41 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/1/2012 8:53:12 AM | Computer Name = Thind-PC | Source = bowser | ID = 8003
Description =

Error - 10/2/2012 4:37:14 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.

Error - 10/2/2012 6:33:16 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/4/2012 10:04:09 AM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/4/2012 2:22:38 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 10/6/2012 6:56:09 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/7/2012 7:29:03 PM | Computer Name = Thind-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.


< End of report >

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:52 AM

Posted 14 October 2012 - 07:49 AM

Hi LauraSmith,

I apologize for the delay. I thought I had posted the below but now realize I put it together but never hit the Post button! :huh:

Please run this OTL fix.


===================================================


Run OTL Fix

--------------------

  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}
    IE - HKLM\..\SearchScopes,DefaultScope = {103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}
    IE - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\..\SearchScopes,DefaultScope = {103C2CD7-AF86-48FD-8C1C-FEA84132B1CD}
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-3560224713-1747127086-1684988848-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • OTL.txt
  • Are you still experiencing high CPU usage?
  • Are you having any other issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 LauraSmith

Posted 14 October 2012 - 09:42 AM

Hi Gary,

Here is the OTL Report after rebooting:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3560224713-1747127086-1684988848-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3560224713-1747127086-1684988848-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: Thind
->Temp folder emptied: 67459686 bytes
->Temporary Internet Files folder emptied: 263296140 bytes
->Java cache emptied: 100127 bytes
->Google Chrome cache emptied: 412802279 bytes
->Flash cache emptied: 5825 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56493 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46427017 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 754.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Thind
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Thind
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142012_151742

Files\Folders moved on Reboot...
C:\Users\Thind\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

In regards to the CPU usage, it is still high and the computer responds slowly to functions. For example, streaming videos on the internet can still be a cumbersome task for the processor to handle. Also, when running two programs the computer begins to become completely non-responsive. I have tried defragging, and even my disk C: space is OK, having 69GB free of 136GB, so I can't see a problem there.

Is there anything else I could try besides returning the computer to its factory settings and reinstalling Windows? I am still unsure whether that will help improve the computer significantly.

Regards,

Laura

#10 Oh My!

Posted 14 October 2012 - 02:19 PM

Hi LauraSmith,

I would like you to perform the following steps which will allow us to monitor CPU usage in real time. From that you may be able to identify which program(s) are eating up all of your resources.

Please do this.


===================================================


Monitoring CPU Usage Using Process Explorer

--------------------

  • Please download Process Explorer.zip and save it to your desktop
  • Double click the .zip folder
  • Double click procexp
  • Select Extract all, Next, Next, then Finish
  • Double click the procexp icon and you will be presented with a screen similar to this:


    Posted Image
  • If you do not see a User Name column, right click the column bar, click Select Columns..., check User Name, then OK
  • Please monitor the CPU column and list the 3 highest CPU usage programs in your response, along with the User Name information

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
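
The top-three CPU check from the Process Explorer steps above can also be scripted. The following PowerShell is an added example, not part of the original thread or of Process Explorer; the 5-second sampling window and the placeholder owner strings are assumptions, and it should be run from an elevated prompt so that processes owned by other accounts are readable.

```powershell
# Added example: sample per-process CPU over a short window and show the
# owning account of the three busiest processes.
$IntervalSeconds = 5                        # sampling window (assumed value)
$cores = [Environment]::ProcessorCount      # logical processors

# First snapshot: cumulative CPU seconds keyed by process id.
# CPU is $null for processes the current user cannot open; skip those.
$before = @{}
foreach ($p in Get-Process) {
    if ($null -ne $p.CPU) { $before[$p.Id] = $p.CPU }
}

Start-Sleep -Seconds $IntervalSeconds

# Second snapshot: CPU seconds consumed during the window, expressed as a
# share of total capacity (window length x logical processors).
$usage = foreach ($p in Get-Process) {
    if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }
    New-Object PSObject -Property @{
        Id         = $p.Id
        Name       = $p.ProcessName
        CpuPercent = [math]::Round(100 * ($p.CPU - $before[$p.Id]) / ($IntervalSeconds * $cores), 1)
    }
}

# Resolve the owning account of the top three through WMI.
$usage | Sort-Object CpuPercent -Descending | Select-Object -First 3 | ForEach-Object {
    $owner = '<process exited>'             # placeholder text (assumed)
    $wmi = Get-WmiObject Win32_Process -Filter "ProcessId = $($_.Id)"
    if ($wmi) {
        $o = $wmi.GetOwner()
        if ($o.ReturnValue -eq 0) { $owner = "$($o.Domain)\$($o.User)" }
        else { $owner = '<owner not readable>' }
    }
    $_ | Select-Object Name, Id, CpuPercent, @{ Name = 'UserName'; Expression = { $owner } }
} | Format-Table -AutoSize
```

A process that starts after the first snapshot is not counted, so repeat the run a few times while the slowdown is happening.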

#11 Oh My!

Posted 17 October 2012 - 05:50 PM

Hi LauraSmith,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 Oh My!

Posted 19 October 2012 - 05:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 

#13 Oh My!

Posted 23 October 2012 - 09:56 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#14 Oh My!

Posted 05 February 2013 - 10:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 