Getting "winrscmde has stopped working" error


9 replies to this topic

#1 RocketMann

Posted 11 October 2012 - 12:49 PM

***Mod Edit: Moved from Windows 7 to the more appropriate forum. bloopie***

Hello,

I am not sure in what order these things happened, but it has been over the course of just the past couple of days:

* Google search result links were being redirected. I started thinking that Google search had sold their results to advertisers.

* When resuming Windows 7 after a Hibernation, the system gave a "could not restart" error and started repairing files. After a message saying that it could not repair the system I restarted and it gave the same error, but I canceled the repair and did a hard power down. On power up, it then restarted normally. It seemed to me at the time to be just a hard disk glitch.

* I experienced an unexplained automatic restart of Windows. I was in the middle of typing a Word document and it performed a shutdown/restart without warning.

* My system was running very slow and the wireless network link showed heavy download traffic. It cleared up after about a half-hour. I looked and saw that the system wanted to run an update on shutdown, so I did the shutdown so it could run the update. Shortly after the restart, Windows Malware Removal Tool popped up and said it removed a "search redirection Trojan". I read the info and closed the dialog box. I was now thinking that the problem was fixed.

* I now have a "winrscmde has stopped working" error box on my Desktop.

A quick search of "winrscmde" on Google led me here. I am sure my system is infected. Can anyone help me?

RocketMann

Edited by bloopie, 11 October 2012 - 01:01 PM.
Moved to AII from Windows 7




#2 narenxp


Posted 11 October 2012 - 12:51 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 RocketMann


Posted 11 October 2012 - 04:55 PM

I ran TDSSkiller neglecting to check the TDLFS file system check box, so I ran it twice.


First TDSSkiller Log:

11:05:30.0799 6236 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:05:30.0809 6236 NetBT - ok
11:05:30.0819 6236 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:05:30.0819 6236 Netlogon - ok
11:05:30.0876 6236 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:05:30.0901 6236 Netman - ok
11:05:30.0921 6236 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:05:31.0021 6236 netprofm - ok
11:05:31.0093 6236 [ D66596DB0A0739A89C25B590CE36D628 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
11:05:31.0113 6236 netr28x - ok
11:05:31.0153 6236 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:05:31.0173 6236 NetTcpPortSharing - ok
11:05:31.0193 6236 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:05:31.0203 6236 nfrd960 - ok
11:05:31.0263 6236 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:05:31.0293 6236 NlaSvc - ok
11:05:31.0303 6236 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:05:31.0313 6236 Npfs - ok
11:05:31.0343 6236 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:05:31.0363 6236 nsi - ok
11:05:31.0373 6236 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:05:31.0373 6236 nsiproxy - ok
11:05:31.0443 6236 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:05:31.0483 6236 Ntfs - ok
11:05:31.0519 6236 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:05:31.0519 6236 Null - ok
11:05:31.0565 6236 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:05:31.0585 6236 nvraid - ok
11:05:31.0595 6236 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:05:31.0615 6236 nvstor - ok
11:05:31.0635 6236 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:05:31.0645 6236 nv_agp - ok
11:05:31.0727 6236 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:05:31.0777 6236 odserv - ok
11:05:31.0819 6236 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:05:31.0829 6236 ohci1394 - ok
11:05:31.0879 6236 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:05:31.0919 6236 ose - ok
11:05:32.0443 6236 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:05:32.0585 6236 osppsvc - ok
11:05:32.0727 6236 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:05:32.0747 6236 p2pimsvc - ok
11:05:32.0857 6236 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:05:32.0887 6236 p2psvc - ok
11:05:32.0937 6236 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:05:32.0947 6236 Parport - ok
11:05:32.0987 6236 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:05:32.0987 6236 partmgr - ok
11:05:33.0037 6236 [ 5EACB8A19CAD7057806FBBF9550165E1 ] PcaSp60 C:\Windows\system32\DRIVERS\PcaSp60.sys
11:05:33.0057 6236 PcaSp60 - ok
11:05:33.0107 6236 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:05:33.0177 6236 PcaSvc - ok
11:05:33.0227 6236 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:05:33.0227 6236 pci - ok
11:05:33.0267 6236 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:05:33.0277 6236 pciide - ok
11:05:33.0317 6236 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:05:33.0317 6236 pcmcia - ok
11:05:33.0337 6236 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:05:33.0337 6236 pcw - ok
11:05:33.0367 6236 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:05:33.0377 6236 PEAUTH - ok
11:05:33.0457 6236 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:05:33.0557 6236 PeerDistSvc - ok
11:05:33.0727 6236 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:05:33.0747 6236 PerfHost - ok
11:05:33.0957 6236 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:05:34.0097 6236 pla - ok
11:05:34.0247 6236 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:05:34.0327 6236 PlugPlay - ok
11:05:34.0387 6236 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:05:34.0397 6236 PNRPAutoReg - ok
11:05:34.0557 6236 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:05:34.0557 6236 PNRPsvc - ok
11:05:34.0727 6236 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:05:34.0847 6236 PolicyAgent - ok
11:05:34.0907 6236 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:05:34.0927 6236 Power - ok
11:05:34.0957 6236 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:05:34.0957 6236 PptpMiniport - ok
11:05:34.0997 6236 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:05:35.0017 6236 Processor - ok
11:05:35.0057 6236 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:05:35.0077 6236 ProfSvc - ok
11:05:35.0097 6236 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:05:35.0097 6236 ProtectedStorage - ok
11:05:35.0217 6236 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:05:35.0227 6236 Psched - ok
11:05:35.0277 6236 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:05:35.0357 6236 ql2300 - ok
11:05:35.0367 6236 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:05:35.0377 6236 ql40xx - ok
11:05:35.0457 6236 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:05:35.0477 6236 QWAVE - ok
11:05:35.0497 6236 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:05:35.0507 6236 QWAVEdrv - ok
11:05:35.0517 6236 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:05:35.0537 6236 RasAcd - ok
11:05:35.0589 6236 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:05:35.0589 6236 RasAgileVpn - ok
11:05:35.0609 6236 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:05:35.0619 6236 RasAuto - ok
11:05:35.0669 6236 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:05:35.0669 6236 Rasl2tp - ok
11:05:35.0719 6236 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:05:35.0739 6236 RasMan - ok
11:05:35.0749 6236 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:05:35.0749 6236 RasPppoe - ok
11:05:35.0773 6236 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:05:35.0774 6236 RasSstp - ok
11:05:35.0811 6236 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:05:35.0821 6236 rdbss - ok
11:05:35.0841 6236 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:05:35.0841 6236 rdpbus - ok
11:05:35.0851 6236 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:05:35.0851 6236 RDPCDD - ok
11:05:35.0901 6236 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:05:35.0991 6236 RDPDR - ok
11:05:36.0071 6236 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:05:36.0071 6236 RDPENCDD - ok
11:05:36.0091 6236 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:05:36.0091 6236 RDPREFMP - ok
11:05:36.0171 6236 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:05:36.0621 6236 RDPWD - ok
11:05:36.0721 6236 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:05:36.0721 6236 rdyboost - ok
11:05:36.0851 6236 [ 6B220CC1B8EB7F8723F5082F4A990B3C ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
11:05:36.0851 6236 RealNetworks Downloader Resolver Service - ok
11:05:36.0901 6236 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:05:36.0911 6236 RemoteAccess - ok
11:05:36.0961 6236 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:05:36.0981 6236 RemoteRegistry - ok
11:05:37.0001 6236 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:05:37.0011 6236 RpcEptMapper - ok
11:05:37.0031 6236 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:05:37.0041 6236 RpcLocator - ok
11:05:37.0091 6236 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:05:37.0091 6236 RpcSs - ok
11:05:37.0141 6236 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:05:37.0141 6236 rspndr - ok
11:05:37.0231 6236 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:05:37.0241 6236 s3cap - ok
11:05:37.0301 6236 [ D9693EB930B3FF0861D9F454CAFE5B10 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys
11:05:37.0311 6236 S3XXx64 - ok
11:05:37.0331 6236 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:05:37.0331 6236 SamSs - ok
11:05:37.0381 6236 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:05:37.0391 6236 sbp2port - ok
11:05:37.0421 6236 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:05:37.0441 6236 SCardSvr - ok
11:05:37.0499 6236 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:05:37.0503 6236 scfilter - ok
11:05:37.0573 6236 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:05:37.0676 6236 Schedule - ok
11:05:37.0715 6236 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:05:37.0715 6236 SCPolicySvc - ok
11:05:37.0755 6236 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:05:37.0765 6236 sdbus - ok
11:05:37.0805 6236 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:05:37.0825 6236 SDRSVC - ok
11:05:37.0845 6236 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:05:37.0845 6236 secdrv - ok
11:05:37.0885 6236 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:05:37.0915 6236 seclogon - ok
11:05:37.0965 6236 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:05:37.0975 6236 SENS - ok
11:05:38.0025 6236 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:05:38.0045 6236 SensrSvc - ok
11:05:38.0155 6236 [ 3DC3EC72952BD60C438E397781FF0572 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
11:05:38.0175 6236 Ser2pl - ok
11:05:38.0205 6236 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:05:38.0215 6236 Serenum - ok
11:05:38.0285 6236 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:05:38.0305 6236 Serial - ok
11:05:38.0375 6236 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:05:38.0385 6236 sermouse - ok
11:05:38.0455 6236 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:05:38.0465 6236 SessionEnv - ok
11:05:38.0515 6236 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:05:38.0525 6236 sffdisk - ok
11:05:38.0525 6236 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:05:38.0545 6236 sffp_mmc - ok
11:05:38.0545 6236 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:05:38.0555 6236 sffp_sd - ok
11:05:38.0565 6236 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:05:38.0575 6236 sfloppy - ok
11:05:38.0627 6236 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:05:38.0647 6236 SharedAccess - ok
11:05:38.0687 6236 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:05:38.0697 6236 ShellHWDetection - ok
11:05:38.0737 6236 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\Windows\System32\tcpsvcs.exe
11:05:38.0747 6236 simptcp - ok
11:05:38.0757 6236 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:05:38.0777 6236 SiSRaid2 - ok
11:05:38.0777 6236 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:05:38.0797 6236 SiSRaid4 - ok
11:05:38.0817 6236 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:05:38.0827 6236 Smb - ok
11:05:38.0967 6236 [ 9B34CD63A68AA922A1A30B449A626A7F ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
11:05:39.0049 6236 SmcService - ok
11:05:39.0111 6236 [ C2E9B4E50CF3A15255B45A7C7A0A881E ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
11:05:39.0131 6236 SNAC - ok
11:05:39.0201 6236 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:05:39.0211 6236 SNMPTRAP - ok
11:05:39.0221 6236 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:05:39.0221 6236 spldr - ok
11:05:39.0271 6236 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:05:39.0291 6236 Spooler - ok
11:05:39.0401 6236 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:05:39.0875 6236 sppsvc - ok
11:05:39.0895 6236 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:05:39.0947 6236 sppuinotify - ok
11:05:40.0217 6236 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
11:05:40.0217 6236 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
11:05:40.0227 6236 sptd ( LockedFile.Multi.Generic ) - warning
11:05:40.0227 6236 sptd - detected LockedFile.Multi.Generic (1)
11:05:51.0607 6236 ================ Scan global ===============================
11:05:51.0647 6236 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:05:51.0687 6236 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:05:51.0727 6236 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:05:51.0768 6236 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:05:51.0819 6236 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:05:51.0829 6236 [Global] - ok
11:05:51.0829 6236 ================ Scan MBR ==================================
11:05:51.0839 6236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:05:51.0839 6236 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:05:51.0869 6236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:05:51.0869 6236 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:05:51.0869 6236 ================ Scan VBR ==================================
11:05:51.0879 6236 [ 431C779E5D6E8DBDADEE230B4C6A86F9 ] \Device\Harddisk0\DR0\Partition1
11:05:51.0879 6236 \Device\Harddisk0\DR0\Partition1 - ok
11:05:51.0879 6236 ============================================================
11:05:51.0879 6236 Scan finished
11:05:51.0879 6236 ============================================================
11:05:51.0899 3392 Detected object count: 2
11:05:51.0899 3392 Actual detected object count: 2
11:06:26.0023 3392 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
11:06:26.0043 3392 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
11:06:27.0319 3392 \Device\Harddisk0\DR0\# - copied to quarantine
11:06:27.0329 3392 \Device\Harddisk0\DR0 - copied to quarantine
11:06:27.0431 3392 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:06:27.0451 3392 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:06:27.0481 3392 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:06:27.0511 3392 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:06:27.0521 3392 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:06:27.0521 3392 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:06:27.0531 3392 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:06:27.0541 3392 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:06:27.0551 3392 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:06:27.0565 3392 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:06:27.0572 3392 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:06:27.0577 3392 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:06:27.0603 3392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:06:27.0683 3392 \Device\Harddisk0\DR0 - ok
11:06:27.0713 3392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

Second TDSSKiller Log:

11:14:47.0569 3540 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:14:48.0052 3540 ============================================================
11:14:48.0052 3540 Current date / time: 2012/10/11 11:14:48.0052
11:14:48.0052 3540 SystemInfo:
11:14:48.0052 3540
11:14:48.0052 3540 OS Version: 6.1.7601 ServicePack: 1.0
11:14:48.0052 3540 Product type: Workstation
11:14:48.0068 3540 ComputerName: EXTENSA
11:14:48.0068 3540 UserName: David
11:14:48.0068 3540 Windows directory: C:\Windows
11:14:48.0068 3540 System windows directory: C:\Windows
11:14:48.0068 3540 Running under WOW64
11:14:48.0068 3540 Processor architecture: Intel x64
11:14:48.0068 3540 Number of processors: 2
11:14:48.0068 3540 Page size: 0x1000
11:14:48.0068 3540 Boot type: Normal boot
11:14:48.0068 3540 ============================================================
11:15:07.0432 3540 BG loaded
11:15:08.0571 3540 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:15:08.0602 3540 ============================================================
11:15:08.0602 3540 \Device\Harddisk0\DR0:
11:15:08.0665 3540 MBR partitions:
11:15:08.0665 3540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
11:15:08.0665 3540 ============================================================
11:15:08.0743 3540 C: <-> \Device\Harddisk0\DR0\Partition1
11:15:08.0743 3540 ============================================================
11:15:08.0743 3540 Initialize success
11:15:08.0743 3540 ============================================================
11:22:06.0340 4460 ============================================================
11:22:06.0340 4460 Scan started
11:22:06.0340 4460 Mode: Manual; TDLFS;
11:22:06.0340 4460 ============================================================
11:22:06.0745 4460 ================ Scan system memory ========================
11:22:06.0745 4460 System memory - ok
11:22:06.0745 4460 ================ Scan services =============================
11:22:16.0979 4460 Ndisuio - ok
11:22:17.0026 4460 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:22:17.0026 4460 NdisWan - ok
11:22:17.0073 4460 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:22:17.0073 4460 NDProxy - ok
11:22:17.0073 4460 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:22:17.0073 4460 NetBIOS - ok
11:22:17.0135 4460 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:22:17.0135 4460 NetBT - ok
11:22:17.0151 4460 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:22:17.0151 4460 Netlogon - ok
11:22:17.0213 4460 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:22:17.0213 4460 Netman - ok
11:22:17.0260 4460 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:22:17.0275 4460 netprofm - ok
11:22:17.0322 4460 [ D66596DB0A0739A89C25B590CE36D628 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
11:22:17.0338 4460 netr28x - ok
11:22:17.0369 4460 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:22:17.0385 4460 NetTcpPortSharing - ok
11:22:17.0400 4460 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:22:17.0416 4460 nfrd960 - ok
11:22:17.0463 4460 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:22:17.0463 4460 NlaSvc - ok
11:22:17.0478 4460 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:22:17.0478 4460 Npfs - ok
11:22:17.0525 4460 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:22:17.0525 4460 nsi - ok
11:22:17.0541 4460 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:22:17.0541 4460 nsiproxy - ok
11:22:17.0619 4460 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:22:17.0665 4460 Ntfs - ok
11:22:17.0681 4460 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:22:17.0697 4460 Null - ok
11:22:17.0743 4460 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:22:17.0743 4460 nvraid - ok
11:22:17.0759 4460 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:22:17.0775 4460 nvstor - ok
11:22:17.0775 4460 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:22:17.0790 4460 nv_agp - ok
11:22:17.0868 4460 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:22:17.0884 4460 odserv - ok
11:22:17.0931 4460 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:22:17.0946 4460 ohci1394 - ok
11:22:18.0040 4460 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:22:18.0040 4460 ose - ok
11:22:18.0243 4460 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:22:18.0274 4460 osppsvc - ok
11:22:18.0336 4460 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:22:18.0336 4460 p2pimsvc - ok
11:22:18.0367 4460 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:22:18.0367 4460 p2psvc - ok
11:22:18.0414 4460 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:22:18.0414 4460 Parport - ok
11:22:18.0445 4460 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:22:18.0445 4460 partmgr - ok
11:22:18.0492 4460 [ 5EACB8A19CAD7057806FBBF9550165E1 ] PcaSp60 C:\Windows\system32\DRIVERS\PcaSp60.sys
11:22:18.0508 4460 PcaSp60 - ok
11:22:18.0523 4460 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:22:18.0539 4460 PcaSvc - ok
11:22:18.0586 4460 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:22:18.0586 4460 pci - ok
11:22:18.0601 4460 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:22:18.0601 4460 pciide - ok
11:22:18.0617 4460 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:22:18.0633 4460 pcmcia - ok
11:22:18.0648 4460 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:22:18.0648 4460 pcw - ok
11:22:18.0664 4460 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:22:18.0679 4460 PEAUTH - ok
11:22:18.0742 4460 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:22:18.0773 4460 PeerDistSvc - ok
11:22:18.0882 4460 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:22:18.0882 4460 PerfHost - ok
11:22:18.0976 4460 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:22:19.0023 4460 pla - ok
11:22:19.0069 4460 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:22:19.0085 4460 PlugPlay - ok
11:22:19.0085 4460 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:22:19.0101 4460 PNRPAutoReg - ok
11:22:19.0116 4460 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:22:19.0116 4460 PNRPsvc - ok
11:22:19.0147 4460 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:22:19.0163 4460 PolicyAgent - ok
11:22:19.0210 4460 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:22:19.0210 4460 Power - ok
11:22:19.0241 4460 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:22:19.0241 4460 PptpMiniport - ok
11:22:19.0272 4460 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:22:19.0288 4460 Processor - ok
11:22:19.0319 4460 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:22:19.0319 4460 ProfSvc - ok
11:22:19.0335 4460 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:22:19.0335 4460 ProtectedStorage - ok
11:22:19.0381 4460 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:22:19.0381 4460 Psched - ok
11:22:19.0428 4460 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:22:19.0475 4460 ql2300 - ok
11:22:19.0491 4460 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:22:19.0491 4460 ql40xx - ok
11:22:19.0537 4460 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:22:19.0553 4460 QWAVE - ok
11:22:19.0569 4460 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:22:19.0569 4460 QWAVEdrv - ok
11:22:19.0569 4460 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:22:19.0569 4460 RasAcd - ok
11:22:19.0615 4460 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:22:19.0615 4460 RasAgileVpn - ok
11:22:19.0631 4460 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:22:19.0647 4460 RasAuto - ok
11:22:19.0678 4460 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:22:19.0678 4460 Rasl2tp - ok
11:22:19.0740 4460 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:22:19.0740 4460 RasMan - ok
11:22:19.0756 4460 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:22:19.0756 4460 RasPppoe - ok
11:22:19.0787 4460 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:22:19.0787 4460 RasSstp - ok
11:22:19.0834 4460 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:22:19.0849 4460 rdbss - ok
11:22:19.0865 4460 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:22:19.0865 4460 rdpbus - ok
11:22:19.0881 4460 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:22:19.0881 4460 RDPCDD - ok
11:22:19.0990 4460 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:22:19.0990 4460 RDPDR - ok
11:22:20.0021 4460 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:22:20.0021 4460 RDPENCDD - ok
11:22:20.0037 4460 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:22:20.0037 4460 RDPREFMP - ok
11:22:20.0068 4460 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:22:20.0068 4460 RDPWD - ok
11:22:20.0115 4460 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:22:20.0130 4460 rdyboost - ok
11:22:20.0193 4460 [ 6B220CC1B8EB7F8723F5082F4A990B3C ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
11:22:20.0193 4460 RealNetworks Downloader Resolver Service - ok
11:22:20.0239 4460 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:22:20.0239 4460 RemoteAccess - ok
11:22:20.0286 4460 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:22:20.0302 4460 RemoteRegistry - ok
11:22:20.0302 4460 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:22:20.0317 4460 RpcEptMapper - ok
11:22:20.0349 4460 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:22:20.0349 4460 RpcLocator - ok
11:22:20.0411 4460 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:22:20.0411 4460 RpcSs - ok
11:22:20.0442 4460 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:22:20.0442 4460 rspndr - ok
11:22:20.0489 4460 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:22:20.0505 4460 s3cap - ok
11:22:20.0536 4460 [ D9693EB930B3FF0861D9F454CAFE5B10 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys
11:22:20.0551 4460 S3XXx64 - ok
11:22:20.0551 4460 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:22:20.0551 4460 SamSs - ok
11:22:20.0598 4460 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:22:20.0614 4460 sbp2port - ok
11:22:20.0629 4460 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:22:20.0629 4460 SCardSvr - ok
11:22:20.0676 4460 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:22:20.0676 4460 scfilter - ok
11:22:20.0739 4460 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:22:20.0754 4460 Schedule - ok
11:22:20.0801 4460 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:22:20.0801 4460 SCPolicySvc - ok
11:22:20.0848 4460 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:22:20.0848 4460 sdbus - ok
11:22:20.0895 4460 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:22:20.0910 4460 SDRSVC - ok
11:22:20.0926 4460 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:22:20.0926 4460 secdrv - ok
11:22:20.0973 4460 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:22:20.0973 4460 seclogon - ok
11:22:21.0019 4460 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:22:21.0019 4460 SENS - ok
11:22:21.0035 4460 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:22:21.0051 4460 SensrSvc - ok
11:22:21.0097 4460 [ 3DC3EC72952BD60C438E397781FF0572 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
11:22:21.0113 4460 Ser2pl - ok
11:22:21.0129 4460 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:22:21.0129 4460 Serenum - ok
11:22:21.0160 4460 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:22:21.0160 4460 Serial - ok
11:22:21.0207 4460 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:22:21.0207 4460 sermouse - ok
11:22:21.0253 4460 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:22:21.0269 4460 SessionEnv - ok
11:22:21.0300 4460 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:22:21.0300 4460 sffdisk - ok
11:22:21.0300 4460 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:22:21.0300 4460 sffp_mmc - ok
11:22:21.0316 4460 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:22:21.0316 4460 sffp_sd - ok
11:22:21.0331 4460 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:22:21.0331 4460 sfloppy - ok
11:22:21.0378 4460 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:22:21.0409 4460 SharedAccess - ok
11:22:21.0425 4460 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:22:21.0425 4460 ShellHWDetection - ok
11:22:21.0472 4460 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\Windows\System32\tcpsvcs.exe
11:22:21.0472 4460 simptcp - ok
11:22:21.0487 4460 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:22:21.0487 4460 SiSRaid2 - ok
11:22:21.0503 4460 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:22:21.0503 4460 SiSRaid4 - ok
11:22:21.0534 4460 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:22:21.0534 4460 Smb - ok
11:22:21.0690 4460 [ 9B34CD63A68AA922A1A30B449A626A7F ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
11:22:21.0721 4460 SmcService - ok
11:22:21.0768 4460 [ C2E9B4E50CF3A15255B45A7C7A0A881E ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
11:22:21.0784 4460 SNAC - ok
11:22:21.0831 4460 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:22:21.0831 4460 SNMPTRAP - ok
11:22:21.0846 4460 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:22:21.0862 4460 spldr - ok
11:22:21.0909 4460 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:22:21.0909 4460 Spooler - ok
11:22:22.0049 4460 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:22:22.0080 4460 sppsvc - ok
11:22:22.0111 4460 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:22:22.0111 4460 sppuinotify - ok
11:22:22.0158 4460 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
11:22:22.0158 4460 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
11:22:22.0158 4460 sptd ( LockedFile.Multi.Generic ) - warning
11:22:22.0158 4460 sptd - detected LockedFile.Multi.Generic (1)
11:22:28.0133 4460 ================ Scan global ===============================
11:22:28.0164 4460 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:22:28.0195 4460 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:22:28.0211 4460 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:22:28.0258 4460 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:22:28.0305 4460 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:22:28.0305 4460 [Global] - ok
11:22:28.0320 4460 ================ Scan MBR ==================================
11:22:28.0336 4460 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:22:28.0648 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:22:28.0648 4460 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:22:28.0648 4460 ================ Scan VBR ==================================
11:22:28.0663 4460 [ 431C779E5D6E8DBDADEE230B4C6A86F9 ] \Device\Harddisk0\DR0\Partition1
11:22:28.0663 4460 \Device\Harddisk0\DR0\Partition1 - ok
11:22:28.0663 4460 ============================================================
11:22:28.0663 4460 Scan finished
11:22:28.0663 4460 ============================================================
11:22:28.0679 5076 Detected object count: 2
11:22:28.0679 5076 Actual detected object count: 2
11:22:48.0179 5076 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:22:48.0179 5076 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:22:48.0179 5076 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:22:48.0179 5076 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 11:26:33
-----------------------------
11:26:33.707 OS Version: Windows x64 6.1.7601 Service Pack 1
11:26:33.707 Number of processors: 2 586 0xF0D
11:26:33.707 ComputerName: EXTENSA UserName: David
11:26:34.767 Initialize success
11:27:28.844 AVAST engine defs: 12101100
11:27:52.837 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:27:52.853 Disk 0 Vendor: ST9250421AS SD13 Size: 238475MB BusType: 11
11:27:52.915 Disk 0 MBR read successfully
11:27:52.931 Disk 0 MBR scan
11:27:52.946 Disk 0 Windows 7 default MBR code
11:27:52.946 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
11:27:52.993 Disk 0 scanning C:\Windows\system32\drivers
11:28:10.294 Service scanning
11:28:46.064 Modules scanning
11:28:46.080 Disk 0 trace - called modules:
11:28:46.096 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a012c0]<<spnx.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:28:46.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d00660]
11:28:46.111 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004b4f040]
11:28:46.127 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b4c680]
11:28:46.127 \Driver\atapi[0xfffffa8004b4a060] -> IRP_MJ_CREATE -> 0xfffffa8004a012c0
11:28:47.094 AVAST engine scan C:\Windows
11:28:49.777 AVAST engine scan C:\Windows\system32
11:34:27.221 AVAST engine scan C:\Windows\system32\drivers
11:34:47.564 AVAST engine scan C:\Users\David
11:45:27.337 File: C:\Users\David\AppData\Local\Temp\5226.tmp **INFECTED** Win32:Alureon-AXN [Trj]
11:45:51.158 File: C:\Users\David\AppData\Local\Temp\is1774899824\installer.volonet.playbryte-fa.exe **INFECTED** Win32:Malware-gen
12:03:17.327 AVAST engine scan C:\ProgramData
12:08:34.382 Scan finished successfully
12:11:32.550 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
12:11:32.566 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

ESET Log:

C:\Documents and Settings\All Users\Microsoft\Windows\DRM\50DC.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Microsoft\Windows\DRM\50ED.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\Documents and Settings\David\AppData\Local\Application Data\Temp\5226.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\Documents and Settings\David\AppData\Local\Application Data\Temp\BI_RunOnce.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Documents and Settings\David\AppData\Local\Application Data\Temp\is1774899824\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\David\Documents\Desktop\Wintoflash_downloader_by_betterinstaller.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_11.04.18\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_11.04.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_11.04.18\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_11.04.18\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_11.04.18\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.10.2012_11.04.18\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor

Posted 11 October 2012 - 04:59 PM

Run TDSSKiller again and select DELETE

11:22:48.0179 5076 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 RocketMann

  • Topic Starter

Posted 12 October 2012 - 12:30 AM

MalwareBytes Log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: EXTENSA [administrator]

Protection: Enabled

10/11/2012 3:42:14 PM
mbam-log-2012-10-11 (15-42-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 481293
Time elapsed: 1 hour(s), 42 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\TDSSKiller_Quarantine\11.10.2012_15.25.50\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\is1774899824\installer.volonet.playbryte-fa.exe (PUP.PlayBryte) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Test\Favorites\Free Porn Tube Movies, Porno Pics & Upload XXX Sex Videos - KeezMovies.com.url (Rogue.Link) -> Quarantined and deleted successfully.

(end)


MiniToolBox Log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by David (administrator) on 11-10-2012 at 21:54:40
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

192.168.1.2 server.mcsew2k.local



========================= IP Configuration: ================================

Ralink 802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : EXTENSA
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Ralink 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-24-2B-51-5C-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, October 11, 2012 9:46:11 PM
Lease Expires . . . . . . . . . . : Friday, October 12, 2012 9:46:12 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.238.64.12
Primary WINS Server . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1E-EC-D8-22-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:34f5:dce:3f57:fef0(Preferred)
Link-local IPv6 Address . . . . . : fe80::34f5:dce:3f57:fef0%20(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6404889A-D609-4E13-8DF9-E612A76A835F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:4007:800::1007
74.125.239.8
74.125.239.4
74.125.239.0
74.125.239.5
74.125.239.14
74.125.239.2
74.125.239.7
74.125.239.9
74.125.239.1
74.125.239.3
74.125.239.6


Pinging google.com [74.125.224.238] with 32 bytes of data:
Reply from 74.125.224.238: bytes=32 time=18ms TTL=252
Reply from 74.125.224.238: bytes=32 time=13ms TTL=252

Ping statistics for 74.125.224.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 18ms, Average = 15ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=139ms TTL=49
Reply from 98.139.183.24: bytes=32 time=135ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 135ms, Maximum = 139ms, Average = 137ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=10ms TTL=128
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 10ms, Average = 8ms
===========================================================================
Interface List
11...00 24 2b 51 5c e2 ......Ralink 802.11n Wireless LAN Card
10...00 1e ec d8 22 17 ......Broadcom NetXtreme Gigabit Ethernet
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.15 281
192.168.1.15 255.255.255.255 On-link 192.168.1.15 281
192.168.1.255 255.255.255.255 On-link 192.168.1.15 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.15 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.15 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 58 ::/0 On-link
1 306 ::1/128 On-link
20 58 2001::/32 On-link
20 306 2001:0:9d38:953c:34f5:dce:3f57:fef0/128
On-link
20 306 fe80::/64 On-link
20 306 fe80::34f5:dce:3f57:fef0/128
On-link
1 306 ff00::/8 On-link
20 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/11/2012 05:57:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 05:57:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 05:51:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 00:14:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 00:14:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 00:14:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 00:14:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 00:14:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/11/2012 11:50:08 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.ADH.2 in File: C:\Users\David\AppData\Local\Temp\av41372.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error: (10/11/2012 11:48:33 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.ADH.2 in File: C:\Users\David\AppData\Local\Temp\Vid-Saver-ppi-US.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.


System errors:
=============
Error: (10/11/2012 09:45:14 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (10/11/2012 10:49:04 AM) (Source: DCOM) (User: EXTENSA)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}EXTENSADavidS-1-5-21-2131881300-838251891-169276321-1000LocalHost (Using LRPC)

Error: (10/11/2012 10:49:03 AM) (Source: DCOM) (User: EXTENSA)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}EXTENSADavidS-1-5-21-2131881300-838251891-169276321-1000LocalHost (Using LRPC)

Error: (10/11/2012 08:12:54 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (10/11/2012 01:50:18 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service.

Error: (10/11/2012 01:42:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

Error: (10/11/2012 01:31:41 AM) (Source: SCardSvr) (User: )
Description: The device has been removed.ActivCard ActivCard USB Reader V2 0GET_STATEXX XX XX XX

Error: (10/11/2012 01:31:41 AM) (Source: SCardSvr) (User: )
Description: The device has been removed.ActivCard ActivCard USB Reader V2 0GET_STATEXX XX XX XX

Error: (10/11/2012 00:21:32 AM) (Source: DCOM) (User: EXTENSA)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}EXTENSADavidS-1-5-21-2131881300-838251891-169276321-1000LocalHost (Using LRPC)

Error: (10/11/2012 00:21:32 AM) (Source: DCOM) (User: EXTENSA)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}EXTENSADavidS-1-5-21-2131881300-838251891-169276321-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
ActivClient CAC x64 (Version: 6.2)
Adobe AIR (Version: 2.0.3.13070)
Adobe Connect Add-in
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe SVG Viewer 3.0 (Version: 3.0)
Alarm Clock version 1.0 (Version: 1.0)
AnyClient 4.3.0.60 (Version: 4.3.0.60)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ASUS RT-N16 Wireless Router Utilities (Version: 4.1.3.5)
Audacity 1.3.13 (Unicode)
BitPim 1.0.7 (Version: 1.0.7)
Cisco AnyConnect VPN Client (Version: 2.5.3055)
Citrix online plug-in - web (Version: 12.0.0.6410)
Citrix online plug-in (DV) (Version: 12.0.0.6410)
Citrix online plug-in (HDX) (Version: 12.0.0.6410)
Citrix online plug-in (USB) (Version: 12.0.0.6410)
Citrix online plug-in (Web) (Version: 12.0.0.6410)
Consolas Font Family (Version: 1.00.0000)
CORE 8 University (Version: 8.0.6)
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
DAEMON Tools Toolbar (Version: 1.1.2.0185)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Installer x64 (Version: 2.2)
Dropbox (Version: 1.4.17)
ESET Online Scanner v3
Final Media Player 2011
Google Chrome (Version: 22.0.1229.94)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
Google Updater (Version: 2.4.2432.1652)
HP USB Disk Storage Format Tool
HyperTerminal Private Edition v7.0
Indeo® software
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Internet TV for Windows Media Center (Version: 4.2.2.0)
IrfanView (remove only) (Version: 4.30)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
LEGO MINDSTORMS NXT - English Language Pack (Version: 2.0.100.0)
LEGO MINDSTORMS NXT Driver for x64 (Version: 1.17.770)
LEGO MINDSTORMS NXT Migration Package (Version: 1.2.8.0)
LEGO MINDSTORMS NXT Patch v2.0f3 (Version: 2.0.10.0)
LEGO MINDSTORMS NXT Software v2.0 (Version: 2.0.108.0)
LG United Mobile Driver (Version: 3.2.1.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Money 2004 (Version: 12.0.125)
Microsoft Money 2004 System Pack (Version: 12.0.120)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Communicator 2007 (Version: 2.0.6362.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Web Access S/MIME (Version: 6.5.7651.60)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft S/MIME (Version: 14.1.218.12)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 3.1 - CE (Version: 3.10.050)
PrimoPDF (Version: 4.1.0.9)
QuickTime (Version: 7.72.80.56)
RealDownloader (Version: 1.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
SmartSound Quicktracks Plugin (Version: 3.0.2.6)
Stellarium 0.11.4 (Version: 0.11.4)
Symantec Endpoint Protection (Version: 11.0.6000.550)
Ulead DVD DiskRecorder 2.1.1
Ulead VideoStudio 9.0 SE DVD (Version: 9.0 SE)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (Version: 1)
VC Runtimes MSI (Version: 9.0.21022)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 4028.02 MB
Available physical RAM: 2541.98 MB
Total Pagefile: 8054.22 MB
Available Pagefile: 6416.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:77.29 GB) NTFS

========================= Users: ========================================

User accounts for \\EXTENSA

Administrator David Guest
Temp Test

========================= Restore Points ==================================


**** End of log ****

FSS Log:

Farbar Service Scanner Version: 07-10-2012
Ran by David (administrator) on 11-10-2012 at 21:57:36
Running from "C:\Users\David\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 08:15] - [2012-06-01 22:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner Log:

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 21:58:46
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : David - EXTENSA
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\David\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\David\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Temp\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13200 octets] - [11/10/2012 21:58:46]

########## EOF - C:\AdwCleaner[S1].txt - [13261 octets] ##########


JRT Log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.4.5 (10.11.2012)
OS: Windows 7 Professional x64
Ran by David on Thu 10/11/2012 at 22:04:47.17
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\stats\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [KEY] "hkey_current_user\software\incredimail"
Successfully deleted: [KEY] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-2131881300-838251891-169276321-1000\software\web assistant"



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 10/11/2012 at 22:22:50.45
End of Report

#6 narenxp


Posted 12 October 2012 - 05:37 AM

Run Malwarebytes again and post the new log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on File > Save

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#7 RocketMann


Posted 12 October 2012 - 11:51 AM

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: EXTENSA [administrator]

Protection: Enabled

10/12/2012 7:57:07 AM
mbam-log-2012-10-12 (07-57-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 481890
Time elapsed: 1 hour(s), 44 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RKill Log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 09:45:09 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\David\Desktop\rkill\rkill-10-12-2012-09-45-13.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

192.168.1.2 server.mcsew2k.local

Program finished at: 10/12/2012 09:45:29 AM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)

Autoruns Log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "accrdsub" "ActivIdentity card event handler" "ActivIdentity" "c:\program files\actividentity\activclient\accrdsub.exe"
+ "acevents" "ActivIdentity Event Service" "ActivIdentity" "c:\program files\actividentity\activclient\acevents.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\bcssync.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccapp.exe"
+ "ConnectionCenter" "Citrix online plug-in Connection Center" "Citrix Systems, Inc." "c:\program files (x86)\citrix\ica client\concentr.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\update\realsched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "ActivClient Agent.lnk" "ActivClient Agent" "ActivIdentity" "c:\program files\actividentity\activclient\acsagent.exe"
"C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe"
+ "Microsoft SharePoint Workspace.lnk" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe"
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onenotem.exe"
+ "VPN Connection - Shortcut.lnk" "" "" "c:\users\david\appdata\roaming\microsoft\windows\start menu\programs\startup\vpn connection - shortcut.lnk"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DAEMON Tools Lite" "DAEMON Tools Lite" "DT Soft Ltd" "c:\program files (x86)\daemon tools lite\dtlite.exe"
+ "MoneyAgent" "Microsoft Money Express" "Microsoft Corp." "c:\program files (x86)\microsoft money\system\mnyexpr.exe"
+ "OfficeSyncProcess" "Microsoft Office Document Cache" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\msosync.exe"
+ "PhotoShow Deluxe Media Manager" "" "" "File not found: C:\PROGRA~2\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe"
+ "SpeedTestPro" "" "" "File not found: C:\Program Files\SpeedTestPro\SpeedTestPro.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\vpshell2.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\vpshell2.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\david\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealDownloader" "c:\program files (x86)\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Final Media Player Update Checker" "Bitberry Software Update Checker" "Bitberry Software" "c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\RealDownloaderDownloaderScheduledTaskS-1-5-21-2131881300-838251891-169276321-1000" "RealDownloader" "RealNetworks, Inc." "c:\program files (x86)\realnetworks\realdownloader\recordingmanager.exe"
+ "\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2131881300-838251891-169276321-1000" "RealUpgrade" "RealNetworks, Inc." "c:\program files (x86)\realnetworks\realdownloader\realupgrade.exe"
+ "\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2131881300-838251891-169276321-1000" "RealUpgrade" "RealNetworks, Inc." "c:\program files (x86)\realnetworks\realdownloader\realupgrade.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-2131881300-838251891-169276321-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-2131881300-838251891-169276321-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files (x86)\real\realupgrade\realupgrade.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sidebar.exe"
+ "\{1B3C12B2-31B0-4866-B9FD-18F2E21DB1DC}" "" "" "File not found: G:\Vonage\autodown.exe"
+ "\{24CA8910-1B6E-43E3-89BF-83EA25BA2200}" "" "" "File not found: C:\Users\David\Documents\IBM\Zip\Temp\dosdrvr.exe"
+ "\{5A76C712-02AA-4C9C-B596-AA73278C8CE4}" "" "" "File not found: C:\Users\David\Documents\IBM\Zip\Temp\dosdrvr.exe"
+ "\{76D842A1-2096-4923-83F6-4D8FAF66C0F5}" "" "" "File not found: C:\Users\David\Documents\IBM\Zip\Temp\dosdrvr.exe"
+ "\{E284DABE-F903-487A-BCCF-2F75CB8443B4}" "" "" "File not found: C:\Users\David\Documents\IBM\Zip\Temp\dosdrvr.exe"
+ "\{EBC9A26B-09F4-4209-9C9B-BB10F9980FC6}" "" "" "File not found: C:\Users\David\Documents\IBM\Zip\Temp\dosdrvr.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ac.sharedstore" "Provide access to the shared store. If this service is stopped or disabled, ActivIdentity products will not function properly." "ActivIdentity" "c:\program files\common files\actividentity\ac.sharedstore.exe"
+ "acautoupdate" "Enables the download and installation of ActivClient updates. If this service is stopped or disabled, Software Auto-Update will not be available." "ActivIdentity" "c:\program files\actividentity\activclient\acautoup.exe"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccsvchst.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccsvchst.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files (x86)\symantec\liveupdate\lucomserver_3_3.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe"
+ "MSSQL$SQLEXPRESS" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RealNetworks Downloader Resolver Service" "Manage different Downloader versions in RealNetworks' products." "" "c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe"
+ "SmcService" "Protects computers from malicious access and enforces security policies." "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\smc.exe"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\rtvscan.exe"
+ "UleadBurningHelper" "ULCDRSvr" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\dvd\ulcdrsvr.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files (x86)\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "A191_x64" "Trident Video USB Driver" "Trident Multimedia Technologies Co.,Ltd" "c:\windows\system32\drivers\a191_x64.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ctxusbm" "Citrix USB Filter Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxusbm.sys"
+ "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "JMCR" "JMicron PCIe Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20121011.018\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20121011.018\ex64.sys"
+ "netr28x" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28x.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PcaSp60" "Rawether NDIS 6.X SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\drivers\pcasp60.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "S3XXx64" "PC-SC CCID Driver for SCR3xx USB Smart Card Reader" "SCM Microsystems Inc." "c:\windows\system32\drivers\s3xxx64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Ser2pl" "USB-to-Serial Cable Driver" "Prolific Technology Inc." "c:\windows\system32\drivers\ser2pl64.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "sptd" "SCSI Pass Through Direct Host" "Duplex Secure Ltd." "c:\windows\system32\drivers\sptd.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp64.sys"
+ "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx64.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "Teefer2" "Symantec CMC Firewall Teefer2" "Symantec Corporation" "c:\windows\system32\drivers\teefer2.sys"
+ "usbbus" "LG CDMA USB Multi function Driver" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64bus.sys"
+ "UsbDiag" "LGE CDMA USB Serial Port" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64diag.sys"
+ "USBModem" "LGE CDMA Modem Support" "LG Electronics Inc." "c:\windows\system32\drivers\lgx64modem.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vpnva" "Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva64.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WPS" "Symantec CMC Firewall WPS" "Symantec Corporation" "c:\windows\system32\drivers\wpsdrvnt.sys"
+ "WpsHelper" "Symantec Intrusion Detection - WpsHelper" "Symantec Corporation" "c:\windows\system32\drivers\wpshelper.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.dvacm" "Ulead DV Audio ACM Driver" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\vio\dvacm.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\syswow64\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.mpegacm" "Ulead MPEG1 Layer2 Audio ACM Driver" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\mpegacm.acm"
+ "msacm.ulmp3acm" "Ulead MP3 codec engine" "Ulead systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulmp3acm.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.iv31" "" "Intel® Corporation" "c:\windows\syswow64\ir32_32.dll"
+ "vidc.iv32" "" "Intel® Corporation" "c:\windows\syswow64\ir32_32.dll"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "vidc.yvu9" "" "" "c:\windows\syswow64\iyvu9_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\syswow64\ir41_32.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Dib Output" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dibreceive.ax"
+ "DV ACM V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\syswow64\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\syswow64\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\syswow64\ir50_32.dll"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\mainconcept\mcesmpeg.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\030625\mvvanalyse.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SmartSound SDS Reader" "SDS Media File Reader Filter" "SmartSound Software Inc." "c:\program files (x86)\smartsound software\quicktracks\sdsreader.dll"
+ "SmartSound Soundtrack" "Quicktracks Soundtrack source filter" "SmartSound Software Inc." "c:\program files (x86)\smartsound software\quicktracks\directqx.dll"
+ "Ulead Audio Dual Channel Filter" "Ulead Audio Dual Channel Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DVD Audio Decoder 2" "Audio Decoder" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Video decoder 2" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulasync.ax"
+ "ULead Infinite Pin Tee" "Ulead Infinite Tee Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead LPCM Audio Encoder" "LPCM Audio Encoder" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulpcmpeg.ax"
+ "Ulead MPEG Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Audio Encoder" "DS MPEG Audio Encoder" "Ulead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uleampeg.ax"
+ "Ulead MPEG Encoder" "MPEG Encoder and Muxer" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer" "MPEG Muxer" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter" "ULead Mpeg I/II Splitter" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Video Decoder" "MPEG Video and Audio Decoder" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead Video De-Interlace Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\deinterlace.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "ScCertProp" "" "" "File not found: wlnotify.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "none" "" "" "File not found: none"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MP190 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm9i.dll"
+ "PrimoMon" "" "" "c:\windows\system32\primomonnt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "SnacNp" "Symantec SNAC Network Provider" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\snacnp64.dll"

#8 narenxp


Posted 12 October 2012 - 12:55 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 RocketMann


Posted 13 October 2012 - 02:20 AM

Thank you very much! Computer is running much better now.

#10 narenxp


Posted 13 October 2012 - 07:47 AM

You're welcome :)



