
( Rootkit.Boot.Pihar.c )


11 replies to this topic

#1 4on4off


Posted 28 October 2012 - 07:16 PM

Friend's son's laptop acting strangely. Rebooting and not letting him on the internet. Getting ready to head into work so I ran tdsskiller since it is quick.

Here is what tdsskiller found in safe mode:

16:52:52.0668 1768 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:52:53.0307 1768 ============================================================
16:52:53.0307 1768 Current date / time: 2012/10/28 16:52:53.0307
16:52:53.0307 1768 SystemInfo:
16:52:53.0307 1768
16:52:53.0307 1768 OS Version: 6.0.6002 ServicePack: 2.0
16:52:53.0307 1768 Product type: Workstation
16:52:53.0307 1768 ComputerName: HOMEPC
16:52:53.0307 1768 UserName: Bryce
16:52:53.0307 1768 Windows directory: C:\Windows
16:52:53.0307 1768 System windows directory: C:\Windows
16:52:53.0307 1768 Processor architecture: Intel x86
16:52:53.0307 1768 Number of processors: 1
16:52:53.0307 1768 Page size: 0x1000
16:52:53.0307 1768 Boot type: Safe boot with network
16:52:53.0307 1768 ============================================================
16:52:54.0618 1768 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:54.0618 1768 ============================================================
16:52:54.0618 1768 \Device\Harddisk0\DR0:
16:52:54.0618 1768 MBR partitions:
16:52:54.0618 1768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1388000
16:52:54.0618 1768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139B9C5, BlocksNum 0xCBF89EB
16:52:54.0618 1768 ============================================================
16:52:54.0649 1768 C: <-> \Device\Harddisk0\DR0\Partition2
16:52:54.0680 1768 D: <-> \Device\Harddisk0\DR0\Partition1
16:52:54.0680 1768 ============================================================
16:52:54.0680 1768 Initialize success
16:52:54.0680 1768 ============================================================
16:53:03.0042 0256 ============================================================
16:53:03.0042 0256 Scan started
16:53:03.0042 0256 Mode: Manual; TDLFS;
16:53:03.0042 0256 ============================================================
16:53:03.0837 0256 ================ Scan system memory ========================
16:53:03.0837 0256 System memory - ok
16:53:03.0837 0256 ================ Scan services =============================
16:53:04.0009 0256 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:53:04.0024 0256 ACPI - ok
16:53:04.0134 0256 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:53:04.0134 0256 AdobeARMservice - ok
16:53:04.0196 0256 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:53:04.0196 0256 adp94xx - ok
16:53:04.0243 0256 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:53:04.0243 0256 adpahci - ok
16:53:04.0274 0256 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:53:04.0290 0256 adpu160m - ok
16:53:04.0305 0256 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:53:04.0305 0256 adpu320 - ok
16:53:04.0368 0256 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:53:04.0368 0256 AeLookupSvc - ok
16:53:04.0414 0256 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:53:04.0414 0256 AFD - ok
16:53:04.0461 0256 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:53:04.0461 0256 agp440 - ok
16:53:04.0508 0256 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:53:04.0524 0256 aic78xx - ok
16:53:04.0555 0256 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:53:04.0555 0256 ALG - ok
16:53:04.0570 0256 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
16:53:04.0570 0256 aliide - ok
16:53:04.0602 0256 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:53:04.0617 0256 amdagp - ok
16:53:04.0633 0256 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
16:53:04.0633 0256 amdide - ok
16:53:04.0648 0256 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:53:04.0664 0256 AmdK7 - ok
16:53:04.0680 0256 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:53:04.0680 0256 AmdK8 - ok
16:53:04.0789 0256 [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
16:53:04.0789 0256 ApfiltrService - ok
16:53:04.0882 0256 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:53:04.0898 0256 Appinfo - ok
16:53:05.0132 0256 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:53:05.0148 0256 Apple Mobile Device - ok
16:53:05.0226 0256 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
16:53:05.0257 0256 arc - ok
16:53:05.0319 0256 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:53:05.0350 0256 arcsas - ok
16:53:05.0397 0256 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:05.0397 0256 AsyncMac - ok
16:53:05.0444 0256 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:53:05.0444 0256 atapi - ok
16:53:05.0709 0256 [ 2846F5EE802889D500FCF5CC48B28381 ] athr C:\Windows\system32\DRIVERS\athr.sys
16:53:05.0896 0256 athr - ok
16:53:06.0037 0256 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:53:06.0068 0256 AudioEndpointBuilder - ok
16:53:06.0084 0256 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:53:06.0084 0256 Audiosrv - ok
16:53:06.0193 0256 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:53:06.0208 0256 BBSvc - ok
16:53:06.0255 0256 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:53:06.0255 0256 Beep - ok
16:53:06.0302 0256 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:53:06.0333 0256 BFE - ok
16:53:06.0411 0256 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:53:06.0552 0256 BITS - ok
16:53:06.0567 0256 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:53:06.0567 0256 blbdrive - ok
16:53:06.0676 0256 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:53:06.0676 0256 Bonjour Service - ok
16:53:06.0708 0256 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:53:06.0708 0256 bowser - ok
16:53:06.0754 0256 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:53:06.0754 0256 BrFiltLo - ok
16:53:06.0770 0256 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:53:06.0786 0256 BrFiltUp - ok
16:53:06.0817 0256 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:53:06.0817 0256 Browser - ok
16:53:06.0832 0256 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:53:06.0848 0256 Brserid - ok
16:53:06.0864 0256 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:53:06.0879 0256 BrSerWdm - ok
16:53:06.0895 0256 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:53:06.0895 0256 BrUsbMdm - ok
16:53:06.0926 0256 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:53:06.0926 0256 BrUsbSer - ok
16:53:06.0957 0256 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:53:06.0957 0256 BTHMODEM - ok
16:53:07.0004 0256 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:53:07.0004 0256 cdfs - ok
16:53:07.0035 0256 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:53:07.0035 0256 cdrom - ok
16:53:07.0082 0256 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:53:07.0082 0256 CertPropSvc - ok
16:53:07.0160 0256 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
16:53:07.0160 0256 circlass - ok
16:53:07.0207 0256 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:53:07.0222 0256 CLFS - ok
16:53:07.0300 0256 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:07.0316 0256 clr_optimization_v2.0.50727_32 - ok
16:53:07.0441 0256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:07.0488 0256 clr_optimization_v4.0.30319_32 - ok
16:53:07.0550 0256 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:07.0550 0256 CmBatt - ok
16:53:07.0581 0256 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:53:07.0581 0256 cmdide - ok
16:53:07.0628 0256 [ 58BC03301EC3052F866532946BF51AD6 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
16:53:07.0644 0256 CnxtHdAudService - ok
16:53:07.0675 0256 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:53:07.0675 0256 Compbatt - ok
16:53:07.0675 0256 COMSysApp - ok
16:53:07.0690 0256 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:53:07.0690 0256 crcdisk - ok
16:53:07.0722 0256 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:53:07.0722 0256 Crusoe - ok
16:53:07.0784 0256 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:53:07.0784 0256 CryptSvc - ok
16:53:07.0846 0256 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:53:07.0862 0256 DcomLaunch - ok
16:53:07.0893 0256 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:53:07.0893 0256 DfsC - ok
16:53:07.0987 0256 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:53:08.0049 0256 DFSR - ok
16:53:08.0112 0256 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:53:08.0127 0256 Dhcp - ok
16:53:08.0143 0256 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:53:08.0143 0256 disk - ok
16:53:08.0190 0256 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:53:08.0190 0256 Dnscache - ok
16:53:08.0221 0256 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:53:08.0221 0256 dot3svc - ok
16:53:08.0268 0256 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
16:53:08.0268 0256 Dot4 - ok
16:53:08.0299 0256 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:53:08.0299 0256 Dot4Print - ok
16:53:08.0314 0256 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
16:53:08.0314 0256 dot4usb - ok
16:53:08.0408 0256 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:53:08.0408 0256 DPS - ok
16:53:08.0439 0256 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:53:08.0439 0256 drmkaud - ok
16:53:08.0502 0256 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:53:08.0533 0256 DXGKrnl - ok
16:53:08.0595 0256 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
16:53:08.0595 0256 e1express - ok
16:53:08.0626 0256 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:53:08.0642 0256 E1G60 - ok
16:53:08.0689 0256 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:53:08.0689 0256 EapHost - ok
16:53:08.0720 0256 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:53:08.0720 0256 Ecache - ok
16:53:08.0767 0256 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:53:08.0782 0256 elxstor - ok
16:53:08.0829 0256 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:53:08.0845 0256 EMDMgmt - ok
16:53:08.0876 0256 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:53:08.0876 0256 ErrDev - ok
16:53:08.0938 0256 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:53:08.0970 0256 EventSystem - ok
16:53:09.0001 0256 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:53:09.0001 0256 exfat - ok
16:53:09.0048 0256 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:53:09.0063 0256 fastfat - ok
16:53:09.0110 0256 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:53:09.0110 0256 fdc - ok
16:53:09.0141 0256 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:53:09.0141 0256 fdPHost - ok
16:53:09.0157 0256 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:53:09.0157 0256 FDResPub - ok
16:53:09.0172 0256 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:53:09.0172 0256 FileInfo - ok
16:53:09.0204 0256 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:53:09.0204 0256 Filetrace - ok
16:53:09.0219 0256 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:09.0219 0256 flpydisk - ok
16:53:09.0250 0256 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:53:09.0250 0256 FltMgr - ok
16:53:09.0328 0256 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
16:53:09.0360 0256 FontCache - ok
16:53:09.0453 0256 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:09.0453 0256 FontCache3.0.0.0 - ok
16:53:09.0484 0256 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:53:09.0484 0256 Fs_Rec - ok
16:53:09.0516 0256 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:53:09.0516 0256 gagp30kx - ok
16:53:09.0562 0256 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:53:09.0562 0256 GEARAspiWDM - ok
16:53:09.0625 0256 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
16:53:09.0625 0256 GoogleDesktopManager-051210-111108 - ok
16:53:09.0687 0256 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:53:09.0718 0256 gpsvc - ok
16:53:09.0812 0256 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c98d7fe7a444c3 C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:09.0812 0256 gupdate1c98d7fe7a444c3 - ok
16:53:09.0859 0256 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:09.0859 0256 gupdatem - ok
16:53:09.0906 0256 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:53:09.0921 0256 gusvc - ok
16:53:09.0968 0256 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:53:09.0968 0256 HDAudBus - ok
16:53:10.0030 0256 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:53:10.0030 0256 HidBth - ok
16:53:10.0062 0256 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:53:10.0062 0256 HidIr - ok
16:53:10.0093 0256 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
16:53:10.0093 0256 hidserv - ok
16:53:10.0124 0256 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:53:10.0124 0256 HidUsb - ok
16:53:10.0155 0256 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:53:10.0171 0256 hkmsvc - ok
16:53:10.0186 0256 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:53:10.0186 0256 HpCISSs - ok
16:53:10.0249 0256 [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:53:10.0280 0256 HSF_DPV - ok
16:53:10.0296 0256 [ CFBC2B81972E298F0E19EE68FA9E73DA ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:53:10.0311 0256 HSXHWAZL - ok
16:53:10.0358 0256 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:53:10.0358 0256 HTTP - ok
16:53:10.0389 0256 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:53:10.0389 0256 i2omp - ok
16:53:10.0467 0256 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:53:10.0467 0256 i8042prt - ok
16:53:10.0498 0256 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:53:10.0514 0256 iaStorV - ok
16:53:10.0592 0256 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:10.0623 0256 idsvc - ok
16:53:10.0732 0256 [ 63C56DAC467EF814B60FF2AA2286C917 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:53:10.0795 0256 igfx - ok
16:53:10.0810 0256 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:53:10.0810 0256 iirsp - ok
16:53:10.0873 0256 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:53:10.0873 0256 IKEEXT - ok
16:53:10.0920 0256 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:53:10.0920 0256 intelide - ok
16:53:10.0935 0256 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:53:10.0935 0256 intelppm - ok
16:53:10.0998 0256 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:53:10.0998 0256 IPBusEnum - ok
16:53:11.0029 0256 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:11.0029 0256 IpFilterDriver - ok
16:53:11.0060 0256 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:53:11.0060 0256 iphlpsvc - ok
16:53:11.0076 0256 IpInIp - ok
16:53:11.0107 0256 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:53:11.0122 0256 IPMIDRV - ok
16:53:11.0138 0256 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:53:11.0138 0256 IPNAT - ok
16:53:11.0216 0256 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:53:11.0232 0256 iPod Service - ok
16:53:11.0263 0256 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:53:11.0263 0256 IRENUM - ok
16:53:11.0294 0256 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:53:11.0294 0256 isapnp - ok
16:53:11.0325 0256 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:53:11.0341 0256 iScsiPrt - ok
16:53:11.0356 0256 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:53:11.0356 0256 iteatapi - ok
16:53:11.0372 0256 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:53:11.0372 0256 iteraid - ok
16:53:11.0403 0256 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:11.0403 0256 kbdclass - ok
16:53:11.0466 0256 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:11.0466 0256 kbdhid - ok
16:53:11.0497 0256 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:53:11.0497 0256 KeyIso - ok
16:53:11.0559 0256 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:53:11.0559 0256 KSecDD - ok
16:53:11.0637 0256 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:53:11.0653 0256 KtmRm - ok
16:53:11.0684 0256 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
16:53:11.0715 0256 LanmanServer - ok
16:53:11.0746 0256 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:53:11.0778 0256 LanmanWorkstation - ok
16:53:11.0809 0256 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:53:11.0824 0256 lltdio - ok
16:53:11.0871 0256 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:53:11.0871 0256 lltdsvc - ok
16:53:11.0902 0256 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:53:11.0902 0256 lmhosts - ok
16:53:11.0949 0256 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:53:11.0949 0256 LSI_FC - ok
16:53:11.0996 0256 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:53:11.0996 0256 LSI_SAS - ok
16:53:12.0043 0256 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:53:12.0043 0256 LSI_SCSI - ok
16:53:12.0058 0256 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:53:12.0058 0256 luafv - ok
16:53:12.0121 0256 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
16:53:12.0121 0256 MBAMSwissArmy - ok
16:53:12.0152 0256 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:53:12.0152 0256 mdmxsdk - ok
16:53:12.0183 0256 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:53:12.0183 0256 megasas - ok
16:53:12.0214 0256 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:53:12.0230 0256 MegaSR - ok
16:53:12.0277 0256 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:53:12.0277 0256 MMCSS - ok
16:53:12.0308 0256 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:53:12.0308 0256 Modem - ok
16:53:12.0339 0256 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:53:12.0339 0256 monitor - ok
16:53:12.0370 0256 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:53:12.0370 0256 mouclass - ok
16:53:12.0386 0256 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:53:12.0386 0256 mouhid - ok
16:53:12.0417 0256 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:53:12.0417 0256 MountMgr - ok
16:53:12.0480 0256 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:53:12.0480 0256 MpFilter - ok
16:53:12.0526 0256 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:53:12.0526 0256 mpio - ok
16:53:12.0667 0256 [ A69630D039C38018689190234F866D77 ] MpKsl35979285 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl35979285.sys
16:53:12.0667 0256 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl35979285.sys. Real md5: A69630D039C38018689190234F866D77, Fake md5: 4137EE420481D10734DA3018D0325582
16:53:12.0667 0256 MpKsl35979285 ( ForgedFile.Multi.Generic ) - warning
16:53:12.0667 0256 MpKsl35979285 - detected ForgedFile.Multi.Generic (1)
16:53:12.0729 0256 [ A69630D039C38018689190234F866D77 ] MpKsl8aaf85ae C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl8aaf85ae.sys
16:53:12.0729 0256 MpKsl8aaf85ae - ok
16:53:12.0760 0256 [ A69630D039C38018689190234F866D77 ] MpKsldfa6aa49 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsldfa6aa49.sys
16:53:12.0760 0256 MpKsldfa6aa49 - ok
16:53:12.0792 0256 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:53:12.0792 0256 mpsdrv - ok
16:53:12.0854 0256 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:53:12.0854 0256 MpsSvc - ok
16:53:12.0885 0256 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:53:12.0885 0256 Mraid35x - ok
16:53:12.0916 0256 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:53:12.0916 0256 MRxDAV - ok
16:53:12.0963 0256 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:12.0963 0256 mrxsmb - ok
16:53:13.0010 0256 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:13.0010 0256 mrxsmb10 - ok
16:53:13.0057 0256 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:13.0057 0256 mrxsmb20 - ok
16:53:13.0088 0256 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
16:53:13.0088 0256 msahci - ok
16:53:13.0119 0256 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:53:13.0119 0256 msdsm - ok
16:53:13.0135 0256 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:53:13.0150 0256 MSDTC - ok
16:53:13.0182 0256 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:53:13.0182 0256 Msfs - ok
16:53:13.0228 0256 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:53:13.0244 0256 msisadrv - ok
16:53:13.0275 0256 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:53:13.0275 0256 MSiSCSI - ok
16:53:13.0291 0256 msiserver - ok
16:53:13.0322 0256 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:53:13.0322 0256 MSKSSRV - ok
16:53:13.0400 0256 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:53:13.0400 0256 MsMpSvc - ok
16:53:13.0416 0256 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:13.0416 0256 MSPCLOCK - ok
16:53:13.0447 0256 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:53:13.0447 0256 MSPQM - ok
16:53:13.0478 0256 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:53:13.0494 0256 MsRPC - ok
16:53:13.0525 0256 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:53:13.0525 0256 mssmbios - ok
16:53:13.0540 0256 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:53:13.0540 0256 MSTEE - ok
16:53:13.0572 0256 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:53:13.0572 0256 Mup - ok
16:53:13.0603 0256 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:53:13.0603 0256 napagent - ok
16:53:13.0650 0256 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:53:13.0650 0256 NativeWifiP - ok
16:53:13.0696 0256 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:53:13.0712 0256 NDIS - ok
16:53:13.0728 0256 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:13.0728 0256 NdisTapi - ok
16:53:13.0743 0256 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:13.0743 0256 Ndisuio - ok
16:53:13.0774 0256 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:13.0790 0256 NdisWan - ok
16:53:13.0806 0256 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:53:13.0806 0256 NDProxy - ok
16:53:13.0821 0256 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:53:13.0821 0256 NetBIOS - ok
16:53:13.0852 0256 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:53:13.0852 0256 netbt - ok
16:53:13.0868 0256 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:53:13.0884 0256 Netlogon - ok
16:53:13.0915 0256 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:53:13.0930 0256 Netman - ok
16:53:13.0946 0256 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:53:13.0962 0256 netprofm - ok
16:53:13.0977 0256 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:53:13.0993 0256 NetTcpPortSharing - ok
16:53:14.0024 0256 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:53:14.0024 0256 nfrd960 - ok
16:53:14.0071 0256 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:53:14.0071 0256 NisDrv - ok
16:53:22.0838 0256 ================ Scan global ===============================
16:53:22.0885 0256 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:53:22.0932 0256 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:53:22.0963 0256 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:53:22.0994 0256 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:53:23.0010 0256 [Global] - ok
16:53:23.0010 0256 ================ Scan MBR ==================================
16:53:23.0010 0256 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
16:53:23.0010 0256 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:53:23.0041 0256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:53:23.0041 0256 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:53:23.0072 0256 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:53:23.0072 0256 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:53:23.0088 0256 ================ Scan VBR ==================================
16:53:23.0119 0256 [ A431838945CA4AEAD0B42711B8CA0E9B ] \Device\Harddisk0\DR0\Partition1
16:53:23.0119 0256 \Device\Harddisk0\DR0\Partition1 - ok
16:53:23.0150 0256 [ 3CEFF41578917A35C2D9C79A15B1D276 ] \Device\Harddisk0\DR0\Partition2
16:53:23.0150 0256 \Device\Harddisk0\DR0\Partition2 - ok
16:53:23.0150 0256 ============================================================
16:53:23.0150 0256 Scan finished
16:53:23.0150 0256 ============================================================
16:53:23.0166 1760 Detected object count: 3
16:53:23.0166 1760 Actual detected object count: 3
16:54:35.0082 1760 MpKsl35979285 ( ForgedFile.Multi.Generic ) - skipped by user
16:54:35.0082 1760 MpKsl35979285 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:54:35.0784 1760 \Device\Harddisk0\DR0\# - copied to quarantine
16:54:35.0784 1760 \Device\Harddisk0\DR0 - copied to quarantine
16:54:35.0815 1760 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:54:35.0815 1760 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:54:35.0815 1760 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:54:35.0830 1760 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:54:35.0846 1760 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:54:35.0862 1760 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:54:35.0877 1760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:54:35.0877 1760 \Device\Harddisk0\DR0 - ok
16:54:36.0142 1760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:54:36.0158 1760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:54:36.0158 1760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:54:40.0573 1780 Deinitialize success

Clicked continue at the end and it sat with a black screen for 10 minutes. Shut it down and rebooted in safe mode to post this.

Thank you for any assistance.

4


#2 narenxp

Posted 28 October 2012 - 07:19 PM

Launch TDSSKiller again and select DELETE for this entry, post the new log

16:54:36.0158 1760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

#3 4on4off

Posted 28 October 2012 - 07:22 PM

narenxp,

Thank you for the reply and instruction. I will follow as directed when I get up tomorrow as I am off to work here shortly.

Much appreciated.

4

#4 narenxp

Posted 28 October 2012 - 07:22 PM

:thumbup2:

#5 4on4off

Posted 29 October 2012 - 09:59 AM

Real quick,

Just got home and running the aswMBR, which has detected a couple of things...

When I run the ESET...just want to double check that you do NOT want me to click remove found threats..just been a few since I have used it and didn't want to goof.

4

#6 narenxp

Posted 29 October 2012 - 10:41 AM

Checkmark REMOVE THREATS option and post the log.

#7 4on4off

Posted 29 October 2012 - 04:17 PM

Narenxp,

Reran tdsskiller and deleted the specified entry, here is the new log:

07:19:45.0778 3348 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
07:19:46.0246 3348 ============================================================
07:19:46.0246 3348 Current date / time: 2012/10/29 07:19:46.0246
07:19:46.0246 3348 SystemInfo:
07:19:46.0246 3348
07:19:46.0246 3348 OS Version: 6.0.6002 ServicePack: 2.0
07:19:46.0246 3348 Product type: Workstation
07:19:46.0246 3348 ComputerName: HOMEPC
07:19:46.0246 3348 UserName: Bryce
07:19:46.0246 3348 Windows directory: C:\Windows
07:19:46.0246 3348 System windows directory: C:\Windows
07:19:46.0246 3348 Processor architecture: Intel x86
07:19:46.0246 3348 Number of processors: 1
07:19:46.0246 3348 Page size: 0x1000
07:19:46.0246 3348 Boot type: Normal boot
07:19:46.0246 3348 ============================================================
07:19:48.0025 3348 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:19:48.0025 3348 ============================================================
07:19:48.0025 3348 \Device\Harddisk0\DR0:
07:19:48.0025 3348 MBR partitions:
07:19:48.0025 3348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1388000
07:19:48.0025 3348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139B9C5, BlocksNum 0xCBF89EB
07:19:48.0025 3348 ============================================================
07:19:48.0071 3348 C: <-> \Device\Harddisk0\DR0\Partition2
07:19:48.0103 3348 D: <-> \Device\Harddisk0\DR0\Partition1
07:19:48.0103 3348 ============================================================
07:19:48.0103 3348 Initialize success
07:19:48.0103 3348 ============================================================
07:19:54.0827 3520 ============================================================
07:19:54.0827 3520 Scan started
07:19:54.0827 3520 Mode: Manual; TDLFS;
07:19:54.0827 3520 ============================================================
07:19:55.0233 3520 ================ Scan system memory ========================
07:19:55.0233 3520 System memory - ok
07:19:55.0233 3520 ================ Scan services =============================
07:20:05.0279 3520 [ A69630D039C38018689190234F866D77 ] MpKsl2b84f781 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl2b84f781.sys
07:20:05.0279 3520 MpKsl2b84f781 - ok
07:20:05.0326 3520 [ A69630D039C38018689190234F866D77 ] MpKsl35979285 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl35979285.sys
07:20:05.0373 3520 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl35979285.sys. Real md5: A69630D039C38018689190234F866D77, Fake md5: 4137EE420481D10734DA3018D0325582
07:20:05.0373 3520 MpKsl35979285 ( ForgedFile.Multi.Generic ) - warning
07:20:05.0373 3520 MpKsl35979285 - detected ForgedFile.Multi.Generic (1)
07:20:05.0420 3520 [ A69630D039C38018689190234F866D77 ] MpKsl8aaf85ae C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl8aaf85ae.sys
07:20:05.0482 3520 MpKsl8aaf85ae - ok
07:20:05.0544 3520 [ A69630D039C38018689190234F866D77 ] MpKsldfa6aa49 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsldfa6aa49.sys
07:20:05.0544 3520 MpKsldfa6aa49 - ok
07:20:13.0188 3520 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
07:20:13.0188 3520 SamSs - ok
07:20:13.0235 3520 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:20:13.0235 3520 sbp2port - ok
07:20:13.0298 3520 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:20:13.0298 3520 SCardSvr - ok
07:20:13.0360 3520 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
07:20:13.0376 3520 Schedule - ok
07:20:13.0391 3520 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:20:13.0391 3520 SCPolicySvc - ok
07:20:13.0438 3520 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
07:20:13.0438 3520 sdbus - ok
07:20:13.0516 3520 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:20:13.0516 3520 SDRSVC - ok
07:20:13.0547 3520 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
07:20:13.0563 3520 SeaPort - ok
07:20:13.0594 3520 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:20:13.0610 3520 secdrv - ok
07:20:13.0672 3520 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
07:20:13.0672 3520 seclogon - ok
07:20:13.0719 3520 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
07:20:13.0734 3520 SENS - ok
07:20:13.0766 3520 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
07:20:13.0766 3520 Serenum - ok
07:20:13.0797 3520 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
07:20:13.0797 3520 Serial - ok
07:20:13.0828 3520 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:20:13.0828 3520 sermouse - ok
07:20:13.0875 3520 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
07:20:13.0875 3520 SessionEnv - ok
07:20:13.0906 3520 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
07:20:13.0906 3520 sffdisk - ok
07:20:13.0922 3520 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:20:13.0922 3520 sffp_mmc - ok
07:20:13.0953 3520 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
07:20:13.0953 3520 sffp_sd - ok
07:20:13.0984 3520 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:20:14.0000 3520 sfloppy - ok
07:20:14.0031 3520 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:20:14.0046 3520 SharedAccess - ok
07:20:14.0078 3520 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:20:14.0093 3520 ShellHWDetection - ok
07:20:14.0109 3520 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
07:20:14.0109 3520 sisagp - ok
07:20:14.0140 3520 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
07:20:14.0140 3520 SiSRaid2 - ok
07:20:14.0171 3520 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:20:14.0187 3520 SiSRaid4 - ok
07:20:14.0530 3520 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
07:20:14.0670 3520 slsvc - ok
07:20:14.0764 3520 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
07:20:14.0764 3520 SLUINotify - ok
07:20:14.0795 3520 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:20:14.0795 3520 Smb - ok
07:20:14.0842 3520 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:20:14.0842 3520 SNMPTRAP - ok
07:20:14.0858 3520 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
07:20:14.0858 3520 spldr - ok
07:20:14.0904 3520 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
07:20:14.0904 3520 Spooler - ok
07:20:14.0951 3520 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:20:14.0951 3520 srv - ok
07:20:14.0982 3520 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:20:14.0982 3520 srv2 - ok
07:20:15.0029 3520 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:20:15.0029 3520 srvnet - ok
07:20:15.0060 3520 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:20:15.0060 3520 SSDPSRV - ok
07:20:15.0092 3520 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:20:15.0092 3520 SstpSvc - ok
07:20:15.0123 3520 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
07:20:15.0138 3520 stisvc - ok
07:20:15.0185 3520 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
07:20:15.0216 3520 stllssvr - ok
07:20:15.0263 3520 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:20:15.0263 3520 swenum - ok
07:20:15.0310 3520 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
07:20:15.0310 3520 swprv - ok
07:20:15.0341 3520 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
07:20:15.0341 3520 Symc8xx - ok
07:20:15.0372 3520 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
07:20:15.0372 3520 Sym_hi - ok
07:20:15.0404 3520 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
07:20:15.0404 3520 Sym_u3 - ok
07:20:15.0450 3520 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
07:20:15.0466 3520 SysMain - ok
07:20:15.0513 3520 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:20:15.0513 3520 TabletInputService - ok
07:20:15.0560 3520 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:20:15.0575 3520 TapiSrv - ok
07:20:15.0591 3520 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
07:20:15.0591 3520 TBS - ok
07:20:15.0669 3520 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:20:15.0700 3520 Tcpip - ok
07:20:15.0747 3520 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
07:20:15.0762 3520 Tcpip6 - ok
07:20:15.0794 3520 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:20:15.0809 3520 tcpipreg - ok
07:20:15.0825 3520 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:20:15.0840 3520 TDPIPE - ok
07:20:15.0856 3520 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:20:15.0856 3520 TDTCP - ok
07:20:15.0887 3520 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:20:15.0887 3520 tdx - ok
07:20:15.0934 3520 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:20:15.0934 3520 TermDD - ok
07:20:15.0965 3520 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
07:20:15.0981 3520 TermService - ok
07:20:15.0996 3520 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
07:20:16.0012 3520 Themes - ok
07:20:16.0028 3520 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
07:20:16.0028 3520 THREADORDER - ok
07:20:16.0106 3520 [ 2E7315B147E524E055026E6634B14EA6 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
07:20:16.0106 3520 TOSHIBA Bluetooth Service - ok
07:20:16.0137 3520 [ E362D54FD394999C4178936396664E57 ] toshidpt C:\Windows\system32\drivers\toshidpt.sys
07:20:16.0137 3520 toshidpt - ok
07:20:16.0184 3520 [ 2C15B4856F929AC7DD144044D8334B54 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
07:20:16.0184 3520 tosporte - ok
07:20:16.0230 3520 [ E90ACE3B4FA7A85F992BC21EB779C407 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
07:20:16.0230 3520 Tosrfcom - ok
07:20:16.0277 3520 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
07:20:16.0277 3520 TrkWks - ok
07:20:16.0340 3520 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:20:16.0340 3520 TrustedInstaller - ok
07:20:16.0386 3520 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:20:16.0386 3520 tssecsrv - ok
07:20:16.0418 3520 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
07:20:16.0418 3520 tunmp - ok
07:20:16.0464 3520 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:20:16.0464 3520 tunnel - ok
07:20:16.0480 3520 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:20:16.0496 3520 uagp35 - ok
07:20:16.0542 3520 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:20:16.0542 3520 udfs - ok
07:20:16.0589 3520 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:20:16.0589 3520 UI0Detect - ok
07:20:16.0620 3520 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:20:16.0620 3520 uliagpkx - ok
07:20:16.0652 3520 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
07:20:16.0652 3520 uliahci - ok
07:20:16.0698 3520 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
07:20:16.0714 3520 UlSata - ok
07:20:16.0745 3520 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
07:20:16.0745 3520 ulsata2 - ok
07:20:16.0776 3520 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:20:16.0792 3520 umbus - ok
07:20:16.0823 3520 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
07:20:16.0839 3520 upnphost - ok
07:20:16.0901 3520 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
07:20:16.0901 3520 USBAAPL - ok
07:20:16.0932 3520 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:20:16.0932 3520 usbccgp - ok
07:20:16.0979 3520 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:20:16.0979 3520 usbcir - ok
07:20:17.0026 3520 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:20:17.0026 3520 usbehci - ok
07:20:17.0057 3520 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:20:17.0057 3520 usbhub - ok
07:20:17.0088 3520 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:20:17.0088 3520 usbohci - ok
07:20:17.0120 3520 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:20:17.0120 3520 usbprint - ok
07:20:17.0182 3520 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:20:17.0182 3520 usbscan - ok
07:20:17.0213 3520 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:20:17.0213 3520 USBSTOR - ok
07:20:17.0260 3520 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:20:17.0260 3520 usbuhci - ok
07:20:17.0307 3520 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
07:20:17.0307 3520 UxSms - ok
07:20:17.0354 3520 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
07:20:17.0354 3520 vds - ok
07:20:17.0385 3520 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:20:17.0385 3520 vga - ok
07:20:17.0416 3520 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
07:20:17.0416 3520 VgaSave - ok
07:20:17.0447 3520 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
07:20:17.0447 3520 viaagp - ok
07:20:17.0478 3520 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
07:20:17.0478 3520 ViaC7 - ok
07:20:17.0510 3520 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
07:20:17.0510 3520 viaide - ok
07:20:17.0572 3520 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:20:17.0572 3520 volmgr - ok
07:20:17.0619 3520 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:20:17.0619 3520 volmgrx - ok
07:20:17.0666 3520 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:20:17.0666 3520 volsnap - ok
07:20:17.0728 3520 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:20:17.0728 3520 vsmraid - ok
07:20:17.0822 3520 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
07:20:17.0853 3520 VSS - ok
07:20:17.0900 3520 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
07:20:17.0900 3520 W32Time - ok
07:20:17.0946 3520 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:20:17.0962 3520 WacomPen - ok
07:20:18.0009 3520 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
07:20:18.0009 3520 Wanarp - ok
07:20:18.0024 3520 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:20:18.0024 3520 Wanarpv6 - ok
07:20:18.0071 3520 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:20:18.0071 3520 wcncsvc - ok
07:20:18.0102 3520 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:20:18.0118 3520 WcsPlugInService - ok
07:20:18.0134 3520 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
07:20:18.0134 3520 Wd - ok
07:20:18.0180 3520 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:20:18.0180 3520 Wdf01000 - ok
07:20:18.0212 3520 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:20:18.0212 3520 WdiServiceHost - ok
07:20:18.0227 3520 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:20:18.0227 3520 WdiSystemHost - ok
07:20:18.0274 3520 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
07:20:18.0274 3520 WebClient - ok
07:20:18.0321 3520 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:20:18.0321 3520 Wecsvc - ok
07:20:18.0352 3520 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:20:18.0352 3520 wercplsupport - ok
07:20:18.0399 3520 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
07:20:18.0399 3520 WerSvc - ok
07:20:18.0446 3520 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
07:20:18.0461 3520 winachsf - ok
07:20:18.0524 3520 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:20:18.0524 3520 WinDefend - ok
07:20:18.0539 3520 WinHttpAutoProxySvc - ok
07:20:18.0617 3520 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:20:18.0617 3520 Winmgmt - ok
07:20:18.0680 3520 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
07:20:18.0726 3520 WinRM - ok
07:20:18.0804 3520 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:20:18.0820 3520 Wlansvc - ok
07:20:18.0914 3520 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:20:18.0960 3520 wlidsvc - ok
07:20:19.0007 3520 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
07:20:19.0007 3520 WmiAcpi - ok
07:20:19.0070 3520 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:20:19.0070 3520 wmiApSrv - ok
07:20:19.0257 3520 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:20:19.0288 3520 WMPNetworkSvc - ok
07:20:19.0335 3520 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:20:19.0382 3520 WPCSvc - ok
07:20:19.0397 3520 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:20:19.0413 3520 WPDBusEnum - ok
07:20:19.0444 3520 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
07:20:19.0444 3520 WpdUsb - ok
07:20:20.0037 3520 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:20:20.0068 3520 WPFFontCache_v0400 - ok
07:20:20.0193 3520 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:20:20.0302 3520 ws2ifsl - ok
07:20:20.0661 3520 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
07:20:20.0754 3520 wscsvc - ok
07:20:20.0770 3520 WSearch - ok
07:20:21.0082 3520 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
07:20:21.0550 3520 wuauserv - ok
07:20:21.0690 3520 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:20:21.0753 3520 WUDFRd - ok
07:20:21.0815 3520 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:20:21.0831 3520 wudfsvc - ok
07:20:21.0909 3520 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
07:20:21.0909 3520 XAudio - ok
07:20:22.0002 3520 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
07:20:22.0002 3520 XAudioService - ok
07:20:22.0096 3520 ================ Scan global ===============================
07:20:22.0127 3520 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
07:20:22.0174 3520 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:20:22.0205 3520 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
07:20:22.0299 3520 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
07:20:22.0299 3520 [Global] - ok
07:20:22.0299 3520 ================ Scan MBR ==================================
07:20:22.0314 3520 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
07:20:22.0907 3520 \Device\Harddisk0\DR0 - ok
07:20:22.0907 3520 ================ Scan VBR ==================================
07:20:22.0938 3520 [ A431838945CA4AEAD0B42711B8CA0E9B ] \Device\Harddisk0\DR0\Partition1
07:20:22.0954 3520 \Device\Harddisk0\DR0\Partition1 - ok
07:20:22.0970 3520 [ 3CEFF41578917A35C2D9C79A15B1D276 ] \Device\Harddisk0\DR0\Partition2
07:20:22.0985 3520 \Device\Harddisk0\DR0\Partition2 - ok
07:20:23.0001 3520 ============================================================
07:20:23.0001 3520 Scan finished
07:20:23.0001 3520 ============================================================
07:20:23.0016 3464 Detected object count: 1
07:20:23.0016 3464 Actual detected object count: 1
07:20:28.0991 3464 MpKsl35979285 ( ForgedFile.Multi.Generic ) - skipped by user
07:20:28.0991 3464 MpKsl35979285 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:20:32.0798 3512 Deinitialize success


Ran aswmbr, here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-29 07:31:31
-----------------------------
07:31:31.983 OS Version: Windows 6.0.6002 Service Pack 2
07:31:31.983 Number of processors: 1 586 0x1601
07:31:31.983 ComputerName: HOMEPC UserName: Bryce
07:32:45.054 Initialize success
07:34:18.820 AVAST engine defs: 12102900
07:35:31.874 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:35:31.890 Disk 0 Vendor: WDC_WD1200BEVT-75ZCT2 11.01A11 Size: 114473MB BusType: 3
07:35:31.937 Disk 0 MBR read successfully
07:35:31.937 Disk 0 MBR scan
07:35:32.342 Disk 0 Windows VISTA default MBR code
07:35:32.342 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:35:32.467 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 80325
07:35:32.498 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 104433 MB offset 20560325
07:35:32.966 Disk 0 scanning sectors +234439600
07:35:33.856 Disk 0 scanning C:\Windows\system32\drivers
07:36:44.960 Service scanning
07:37:21.231 Service MpKsl2b84f781 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl2b84f781.sys **LOCKED** 32
07:37:46.659 Modules scanning
07:38:14.755 Disk 0 trace - called modules:
07:38:14.817 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys igdkmd32.sys watchdog.sys
07:38:14.817 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d5a290]
07:38:14.833 3 CLASSPNP.SYS[865ab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83d59528]
07:38:16.268 AVAST engine scan C:\Windows
07:38:29.481 AVAST engine scan C:\Windows\system32
07:39:07.592 File: C:\Windows\system32\ConTest.dll **INFECTED** Win32:Malware-gen
07:46:17.097 AVAST engine scan C:\Windows\system32\drivers
07:47:11.536 AVAST engine scan C:\Users\Bryce
07:50:58.532 File: C:\Users\Bryce\AppData\Local\Temp\FA76.tmp **INFECTED** Win32:Alureon-AXX [Trj]
08:28:35.725 AVAST engine scan C:\ProgramData
08:30:52.330 Scan finished successfully
08:33:11.337 Disk 0 MBR has been saved successfully to "C:\Users\Bryce\Desktop\MBR.dat"
08:33:11.384 The log file has been saved successfully to "C:\Users\Bryce\Desktop\aswMBR.txt"


Ran ESET, here is the list of found threats:

C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe Win32/Adware.Ascentive application cleaned by deleting - quarantined
C:\Program Files\Ascentive\Performance Center\ApcMain.exe Win32/Adware.Ascentive application cleaned by deleting - quarantined
C:\Program Files\Object\bho_project.dll probably a variant of Win32/Adware.Facetheme.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_16.52.53\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_16.52.53\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_16.52.53\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_17.24.15\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_17.24.15\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.10.2012_17.24.15\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\Default\aaencfomliljiinnjodnfnlfionpjgpk\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Bryce\AppData\Local\Temp\is-SDFOM.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\ConTest.dll Win32/Adware.Ascentive application cleaned by deleting - quarantined


Ran malwarebytes, here is the log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.29.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bryce :: HOMEPC [administrator]

10/29/2012 12:48:18 PM
mbam-log-2012-10-29 (12-48-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353110
Time elapsed: 1 hour(s), 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thank you.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:01 PM

Posted 29 October 2012 - 09:24 PM

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#9 4on4off

4on4off
  • Topic Starter

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 PM

Posted 30 October 2012 - 10:46 AM

narenxp,

Here is the MiniToolBox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Bryce (administrator) on 30-10-2012 at 08:02:01
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : homePC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-17-C4-4F-52-5C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e081:8cd:190f:2822%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.150(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, October 30, 2012 7:41:12 AM
Lease Expires . . . . . . . . . . : Tuesday, November 06, 2012 6:21:11 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 201332676
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-C9-51-1A-00-22-19-DA-36-67
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-22-19-DA-36-67
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B11BCD9F-97CB-41B4-8D36-2A45C4429991}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2089:29f2:3f57:fd69(Preferred)
Link-local IPv6 Address . . . . . : fe80::2089:29f2:3f57:fd69%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.wa.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:400a:800::1005
173.194.33.46
173.194.33.37
173.194.33.32
173.194.33.36
173.194.33.39
173.194.33.40
173.194.33.38
173.194.33.35
173.194.33.33
173.194.33.41
173.194.33.34



Pinging google.com [173.194.33.3] with 32 bytes of data:

Reply from 173.194.33.3: bytes=32 time=25ms TTL=56

Reply from 173.194.33.3: bytes=32 time=14ms TTL=56



Ping statistics for 173.194.33.3:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 25ms, Average = 19ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=110ms TTL=50

Reply from 98.138.253.109: bytes=32 time=90ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 110ms, Average = 100ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 17 c4 4f 52 5c ...... Atheros AR5007EG Wireless Network Adapter
11 ...00 22 19 da 36 67 ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.{B11BCD9F-97CB-41B4-8D36-2A45C4429991}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
17 ...00 00 00 00 00 00 00 e0 isatap.hsd1.wa.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.150 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.150 281
192.168.2.150 255.255.255.255 On-link 192.168.2.150 281
192.168.2.255 255.255.255.255 On-link 192.168.2.150 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.150 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.150 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:2089:29f2:3f57:fd69/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::2089:29f2:3f57:fd69/128
On-link
12 281 fe80::e081:8cd:190f:2822/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/30/2012 07:42:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2012 07:18:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 05:01:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 05:00:29 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/28/2012 04:52:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 04:51:45 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/28/2012 04:49:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 04:37:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 04:36:28 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/28/2012 04:26:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/30/2012 07:42:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2012 07:18:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 05:01:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 05:00:29 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/28/2012 04:52:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 04:51:45 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/28/2012 04:49:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 04:37:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2012 04:36:28 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/28/2012 04:26:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.609.0)
Bluetooth Stack for Windows by Toshiba (Version: v6.01.05(D))
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
Carbonite Online Backup Setup (Version: 3.7.3)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.57.0.50)
Dell Touchpad (Version: 7.1.104.2)
EA Download Manager (Version: 7.0.0.74)
Free Studio version 5.1.6
Free YouTube Download version 3.1.39.1015 (Version: 3.1.39.1015)
Free YouTube to iPod Converter version 3.10.17.221 (Version: 3.10.17.221)
Free YouTube to MP3 Converter version 3.11.26.706 (Version: 3.11.26.706)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Google Updater (Version: 2.4.2432.1652)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.74.00.50)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
ParetoLogic DriverCure (Version: 1.6.1.0)
PC SpeedScan Pro (Version: 7.1.2)
PowerDVD (Version: 8.0)
QuickTime (Version: 7.72.80.56)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Screensavers.com Content
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Star Wars Galactic Battlegrounds: Saga
The Sims™ 3 (Version: 1.22.9)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
uTorrentControl2 Toolbar (Version: 6.8.9.0)
VLC media player 1.1.10 (Version: 1.1.10)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 1013.64 MB
Available physical RAM: 304.09 MB
Total Pagefile: 2289.62 MB
Available Pagefile: 1362.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.48 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:101.99 GB) (Free:18.12 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:8.87 GB) NTFS

========================= Users: ========================================

User accounts for \\HOMEPC

Administrator Bryce Guest

========================= Restore Points ==================================

24-10-2012 04:53:51 Windows Update
29-10-2012 14:34:49 Windows Update

**** End of log ****

Here is the FSS log:

Farbar Service Scanner Version: 27-10-2012
Ran by Bryce (administrator) on 30-10-2012 at 08:07:07
Running from "C:\Users\Bryce\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 19:33] - [2008-01-20 19:33] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Here is the adware cleaner log:

# AdwCleaner v2.005 - Logfile created 10/30/2012 at 08:08:55
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Bryce - HOMEPC
# Boot Mode : Normal
# Running from : C:\Users\Bryce\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Object
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Bryce\AppData\Local\Conduit
Folder Deleted : C:\Users\Bryce\AppData\Local\Temp\PremierOpinion
Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bryce\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Bryce\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Bryce\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Bryce\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A7AC3DD-668F-4D78-BA68-92AE810755BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A17D5D5B-524A-4574-9014-2F31A07530A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startsearcher.com --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Redirect Cache] = hxxp://www.startsearcher.com --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5960 octets] - [30/10/2012 08:08:55]

########## EOF - C:\AdwCleaner[S1].txt - [6020 octets] ##########

Here is the Junkware log:

Junkware Removal Tool (JRT) by Thisisu
Version: 2.2.8 (10.29.2012)
OS: Windows Vista ™ Home Basic x86
Ran by Bryce on Tue 10/30/2012 at 8:14:52.89
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Users\Bryce\AppData\Roaming\dvdvideosoft"
Successfully deleted: [FOLDER] "C:\Users\Bryce\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [FOLDER] "C:\Program Files\Common Files\dvdvideosoft"
Successfully deleted: [FOLDER] "C:\Program Files\dvdvideosoft"



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Tue 10/30/2012 at 8:27:00.24
End of Report

Here is the rkill log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/30/2012 08:30:11 AM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/30/2012 08:30:32 AM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

Here is the autoruns log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "ITSecMng" "IT Security Manager for Toshiba Stack" " TOSHIBA CORPORATION" "c:\program files\toshiba\bluetooth toshiba stack\itsecmng.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth Manager.lnk" "TosBtMng1" "TOSHIBA CORPORATION." "c:\program files\toshiba\bluetooth toshiba stack\tosbtmng1.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files\common files\apple\internet services\icloudservices.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files\common files\apple\internet services\ubd.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "Dell Inc." "c:\program files\dell\bae\bae.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\DriverCure" "DriverCure" "ParetoLogic" "c:\program files\paretologic\drivercure\drivercure.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\ParetoLogic Registration3" "ParetoLogic Update Component" "" "c:\program files\common files\paretologic\uus3\uus3.dll"
+ "\ParetoLogic Update Version3" "ParetoLogic Update Application" "ParetoLogic Inc." "c:\program files\common files\paretologic\uus3\pareto_update3.exe"
+ "\{49CC22B8-2D5B-4410-91BF-8DF4EC9E7DD6}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{C1623C0A-A3E8-4434-8A4F-92981A80C36C}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "gupdate1c98d7fe7a444c3" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "TOSHIBA Bluetooth Service" "TOSHIBA Bluetooth Service" "TOSHIBA CORPORATION" "c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "XAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athr.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "CnxtHdAudService" "High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt32.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dpv.sys"
+ "HSXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwazl.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MpKsl35979285" "" "" "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl35979285.sys"
+ "MpKsl8aaf85ae" "" "" "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsl8aaf85ae.sys"
+ "MpKsldfa6aa49" "" "" "File not found: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE353409-C21E-4E36-9522-5811D5B77C13}\MpKsldfa6aa49.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "RTL8169" "Realtek 8136/8168/8169 NDIS6 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rtlh86.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "tosporte" "TOSHIBA Bluetooth Port Emulation Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosporte.sys"
+ "Tosrfcom" "Bluetooth RFCOMM Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfcom.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Cinemaster® Audio Decoder 4.2" "SonicHDAudio" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemasteraudio.dll"
+ "Sonic Cinemaster® VideoDecoder 4.1" "CinemasterVideo" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervideo.dll"
+ "Sonic HD Demuxer" "Sonic HD Demuxer" "" "c:\program files\common files\sonic shared\sonichddemuxer.dll"
+ "Sonic HD Nav" "SonicHDNav" "" "c:\program files\common files\sonic shared\sonichdnav.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" "Google Desktop" "Google" "c:\progra~1\google\google~3\goec62~1.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3l4v2" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l4v2.dll"
+ "PCL hpz3llhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3llhn.dll"
+ "Toshiba Bluetooth Monitor" "" "TOSHIBA CORPORATION." "c:\windows\system32\tbtmon.dll"
"C:\Users\Bryce\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"


Whew... that was a lot of scanning.

4

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:01 PM

Posted 30 October 2012 - 02:15 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player.

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 4on4off

  • Topic Starter

  • Members
  • 402 posts
  • Gender:Male
  • Local time:01:01 PM

Posted 30 October 2012 - 02:57 PM

Thank you narenxp,

I will follow the rest of your instructions.

Much appreciated.

4

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:01 PM

Posted 30 October 2012 - 03:36 PM

You're welcome :)



