Popups and redirects


13 replies to this topic

#1 lopezri

lopezri

  • Members
  • 21 posts

Posted 08 November 2012 - 01:46 PM

Note: split off from http://www.bleepingcomputer.com/forums/topic449925.html -AA

MiniToolBox by Farbar Version: 07-11-2012
Ran by Richard Lopez (administrator) on 08-11-2012 at 10:42:42
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

Edited by Andrew, 08 November 2012 - 02:34 PM.




#2 lopezri

lopezri
  • Topic Starter

  • Members
  • 21 posts

Posted 08 November 2012 - 01:51 PM

10:47:47.0925 34124 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:47:48.0362 34124 ============================================================
10:47:48.0362 34124 Current date / time: 2012/11/08 10:47:48.0362
10:47:48.0362 34124 SystemInfo:
10:47:48.0362 34124
10:47:48.0362 34124 OS Version: 6.1.7601 ServicePack: 1.0
10:47:48.0362 34124 Product type: Workstation
10:47:48.0362 34124 ComputerName: RICHARDLOPEZ-PC
10:47:48.0362 34124 UserName: Richard Lopez
10:47:48.0362 34124 Windows directory: C:\Windows
10:47:48.0362 34124 System windows directory: C:\Windows
10:47:48.0362 34124 Running under WOW64
10:47:48.0362 34124 Processor architecture: Intel x64
10:47:48.0362 34124 Number of processors: 12
10:47:48.0362 34124 Page size: 0x1000
10:47:48.0362 34124 Boot type: Normal boot
10:47:48.0362 34124 ============================================================
10:47:49.0438 34124 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:47:53.0385 34124 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:47:53.0494 34124 ============================================================
10:47:53.0494 34124 \Device\Harddisk0\DR0:
10:47:53.0510 34124 MBR partitions:
10:47:53.0510 34124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:47:53.0510 34124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
10:47:53.0510 34124 \Device\Harddisk1\DR1:
10:47:53.0510 34124 MBR partitions:
10:47:53.0510 34124 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:47:53.0510 34124 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BBC31D0
10:47:53.0510 34124 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1BBF59D0, BlocksNum 0x15CE800
10:47:53.0510 34124 ============================================================
10:47:53.0510 34124 C: <-> \Device\Harddisk0\DR0\Partition2
10:47:53.0525 34124 E: <-> \Device\Harddisk1\DR1\Partition1
10:47:53.0557 34124 F: <-> \Device\Harddisk1\DR1\Partition2
10:47:53.0619 34124 G: <-> \Device\Harddisk1\DR1\Partition3
10:47:53.0619 34124 ============================================================
10:47:53.0619 34124 Initialize success
10:47:53.0619 34124 ============================================================
10:48:19.0234 6992 ============================================================
10:48:19.0234 6992 Scan started
10:48:19.0234 6992 Mode: Manual; TDLFS;
10:48:19.0234 6992 ============================================================
10:48:19.0624 6992 ================ Scan system memory ========================
10:48:19.0624 6992 System memory - ok
10:48:19.0624 6992 ================ Scan services =============================
10:48:24.0757 6992 mv91cons - ok
10:48:24.0804 6992 [ 34D08C9C64F657D194961E96C47E9C69 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
10:48:24.0804 6992 mv91xx - ok
10:48:24.0835 6992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:48:24.0835 6992 napagent - ok
10:48:24.0850 6992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:48:24.0866 6992 NativeWifiP - ok
10:48:24.0897 6992 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:48:24.0897 6992 NDIS - ok
10:48:24.0913 6992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:48:24.0913 6992 NdisCap - ok
10:48:24.0944 6992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:48:24.0944 6992 NdisTapi - ok
10:48:24.0975 6992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:48:24.0975 6992 Ndisuio - ok
10:48:25.0006 6992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:48:25.0006 6992 NdisWan - ok
10:48:25.0022 6992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:48:25.0022 6992 NDProxy - ok
10:48:25.0038 6992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:48:25.0038 6992 NetBIOS - ok
10:48:25.0053 6992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:48:25.0053 6992 NetBT - ok
10:48:25.0053 6992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:48:25.0053 6992 Netlogon - ok
10:48:25.0069 6992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:48:25.0084 6992 Netman - ok
10:48:25.0084 6992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:48:25.0084 6992 netprofm - ok
10:48:25.0131 6992 [ 883269C1CA478658F1334F3C39B0C7AC ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
10:48:25.0147 6992 netr28ux - ok
10:48:25.0162 6992 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:48:25.0162 6992 NetTcpPortSharing - ok
10:48:25.0178 6992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:48:25.0178 6992 nfrd960 - ok
10:48:25.0209 6992 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:48:25.0209 6992 NisDrv - ok
10:48:25.0225 6992 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:48:25.0225 6992 NisSrv - ok
10:48:25.0240 6992 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:48:25.0240 6992 NlaSvc - ok
10:48:25.0256 6992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:48:25.0256 6992 Npfs - ok
10:48:25.0256 6992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:48:25.0272 6992 nsi - ok
10:48:25.0272 6992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:48:25.0272 6992 nsiproxy - ok
10:48:25.0318 6992 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:48:25.0334 6992 Ntfs - ok
10:48:25.0350 6992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:48:25.0350 6992 Null - ok
10:48:25.0396 6992 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:48:25.0396 6992 nusb3hub - ok
10:48:25.0428 6992 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:48:25.0428 6992 nusb3xhc - ok
10:48:25.0459 6992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:48:25.0474 6992 nvraid - ok
10:48:25.0474 6992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:48:25.0474 6992 nvstor - ok
10:48:25.0490 6992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:48:25.0490 6992 nv_agp - ok
10:48:25.0521 6992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:48:25.0521 6992 ohci1394 - ok
10:48:25.0552 6992 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:48:25.0552 6992 ose - ok
10:48:25.0568 6992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:48:25.0584 6992 p2pimsvc - ok
10:48:25.0599 6992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:48:25.0599 6992 p2psvc - ok
10:48:25.0615 6992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:48:25.0615 6992 Parport - ok
10:48:25.0646 6992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:48:25.0646 6992 partmgr - ok
10:48:25.0662 6992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:48:25.0662 6992 PcaSvc - ok
10:48:25.0677 6992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:48:25.0677 6992 pci - ok
10:48:25.0693 6992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:48:25.0693 6992 pciide - ok
10:48:25.0708 6992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:48:25.0708 6992 pcmcia - ok
10:48:25.0724 6992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:48:25.0724 6992 pcw - ok
10:48:25.0740 6992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:48:25.0740 6992 PEAUTH - ok
10:48:25.0786 6992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:48:25.0786 6992 PerfHost - ok
10:48:25.0818 6992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:48:25.0833 6992 pla - ok
10:48:25.0880 6992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:48:25.0880 6992 PlugPlay - ok
10:48:25.0896 6992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:48:25.0896 6992 PNRPAutoReg - ok
10:48:25.0896 6992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:48:25.0896 6992 PNRPsvc - ok
10:48:25.0927 6992 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
10:48:25.0927 6992 Point64 - ok
10:48:25.0942 6992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:48:25.0942 6992 PolicyAgent - ok
10:48:25.0958 6992 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:48:25.0974 6992 Power - ok
10:48:25.0989 6992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:48:26.0005 6992 PptpMiniport - ok
10:48:26.0005 6992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:48:26.0005 6992 Processor - ok
10:48:26.0036 6992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:48:26.0036 6992 ProfSvc - ok
10:48:26.0052 6992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:48:26.0052 6992 ProtectedStorage - ok
10:48:26.0067 6992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:48:26.0083 6992 Psched - ok
10:48:26.0130 6992 [ 0F1F42C39AB2B16DB957A7A1756FEFFB ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:48:26.0130 6992 QBCFMonitorService - ok
10:48:26.0161 6992 [ 92AA40E2B692E8637D45FB2D01137D17 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:48:26.0176 6992 QBFCService - ok
10:48:26.0192 6992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:48:26.0223 6992 ql2300 - ok
10:48:26.0223 6992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:48:26.0239 6992 ql40xx - ok
10:48:26.0239 6992 QuickBooksDB17 - ok
10:48:26.0254 6992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:48:26.0254 6992 QWAVE - ok
10:48:26.0270 6992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:48:26.0270 6992 QWAVEdrv - ok
10:48:26.0270 6992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:48:26.0270 6992 RasAcd - ok
10:48:26.0286 6992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:48:26.0286 6992 RasAgileVpn - ok
10:48:26.0301 6992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:48:26.0301 6992 RasAuto - ok
10:48:26.0301 6992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:48:26.0301 6992 Rasl2tp - ok
10:48:26.0332 6992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:48:26.0348 6992 RasMan - ok
10:48:26.0348 6992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:48:26.0348 6992 RasPppoe - ok
10:48:26.0348 6992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:48:26.0348 6992 RasSstp - ok
10:48:26.0364 6992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:48:26.0364 6992 rdbss - ok
10:48:26.0379 6992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:48:26.0379 6992 rdpbus - ok
10:48:26.0379 6992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:48:26.0379 6992 RDPCDD - ok
10:48:26.0395 6992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:48:26.0395 6992 RDPENCDD - ok
10:48:26.0395 6992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:48:26.0395 6992 RDPREFMP - ok
10:48:26.0410 6992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:48:26.0410 6992 RDPWD - ok
10:48:26.0442 6992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:48:26.0442 6992 rdyboost - ok
10:48:26.0457 6992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:48:26.0457 6992 RemoteAccess - ok
10:48:26.0473 6992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:48:26.0473 6992 RemoteRegistry - ok
10:48:26.0504 6992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:48:26.0504 6992 RpcEptMapper - ok
10:48:26.0504 6992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:48:26.0504 6992 RpcLocator - ok
10:48:26.0535 6992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:48:26.0535 6992 RpcSs - ok
10:48:26.0535 6992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:48:26.0535 6992 rspndr - ok
10:48:26.0551 6992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:48:26.0551 6992 SamSs - ok
10:48:26.0566 6992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:48:26.0582 6992 sbp2port - ok
10:48:26.0644 6992 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:48:26.0644 6992 SBSDWSCService - ok
10:48:26.0660 6992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:48:26.0660 6992 SCardSvr - ok
10:48:26.0676 6992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:48:26.0676 6992 scfilter - ok
10:48:26.0707 6992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:48:26.0722 6992 Schedule - ok
10:48:26.0754 6992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:48:26.0754 6992 SCPolicySvc - ok
10:48:26.0785 6992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:48:26.0785 6992 SDRSVC - ok
10:48:26.0800 6992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:48:26.0800 6992 secdrv - ok
10:48:26.0800 6992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:48:26.0816 6992 seclogon - ok
10:48:26.0816 6992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:48:26.0816 6992 SENS - ok
10:48:26.0832 6992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:48:26.0832 6992 SensrSvc - ok
10:48:26.0832 6992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:48:26.0832 6992 Serenum - ok
10:48:26.0847 6992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:48:26.0847 6992 Serial - ok
10:48:26.0863 6992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:48:26.0863 6992 sermouse - ok
10:48:26.0894 6992 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:48:26.0894 6992 SessionEnv - ok
10:48:26.0894 6992 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:48:26.0910 6992 sffdisk - ok
10:48:26.0910 6992 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:48:26.0910 6992 sffp_mmc - ok
10:48:26.0910 6992 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:48:26.0910 6992 sffp_sd - ok
10:48:26.0925 6992 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:48:26.0925 6992 sfloppy - ok
10:48:26.0925 6992 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:48:26.0941 6992 SharedAccess - ok
10:48:26.0941 6992 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:48:26.0956 6992 ShellHWDetection - ok
10:48:26.0972 6992 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:48:26.0972 6992 SiSRaid2 - ok
10:48:26.0972 6992 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:48:26.0972 6992 SiSRaid4 - ok
10:48:27.0019 6992 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:48:27.0019 6992 SkypeUpdate - ok
10:48:27.0034 6992 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:48:27.0034 6992 Smb - ok
10:48:27.0034 6992 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:48:27.0050 6992 SNMPTRAP - ok
10:48:27.0128 6992 [ BA2E864CDC01731A4F144019FB3BF598 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
10:48:27.0159 6992 SNP2UVC - ok
10:48:27.0190 6992 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:48:27.0190 6992 spldr - ok
10:48:27.0222 6992 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:48:27.0237 6992 Spooler - ok
10:48:27.0284 6992 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:48:27.0300 6992 sppsvc - ok
10:48:27.0315 6992 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:48:27.0315 6992 sppuinotify - ok
10:48:27.0346 6992 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:48:27.0346 6992 srv - ok
10:48:27.0378 6992 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:48:27.0378 6992 srv2 - ok
10:48:27.0393 6992 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:48:27.0393 6992 srvnet - ok
10:48:27.0409 6992 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:48:27.0409 6992 SSDPSRV - ok
10:48:27.0409 6992 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:48:27.0409 6992 SstpSvc - ok
10:48:27.0424 6992 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:48:27.0424 6992 stexstor - ok
10:48:27.0456 6992 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:48:27.0471 6992 stisvc - ok
10:48:27.0487 6992 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:48:27.0487 6992 swenum - ok
10:48:27.0502 6992 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:48:27.0518 6992 swprv - ok
10:48:27.0549 6992 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:48:27.0580 6992 SysMain - ok
10:48:27.0596 6992 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:48:27.0596 6992 TabletInputService - ok
10:48:27.0627 6992 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:48:27.0627 6992 TapiSrv - ok
10:48:27.0643 6992 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:48:27.0643 6992 TBS - ok
10:48:27.0690 6992 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:48:27.0705 6992 Tcpip - ok
10:48:27.0752 6992 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:48:27.0752 6992 TCPIP6 - ok
10:48:27.0783 6992 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:48:27.0783 6992 tcpipreg - ok
10:48:27.0783 6992 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:48:27.0783 6992 TDPIPE - ok
10:48:27.0814 6992 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:48:27.0814 6992 TDTCP - ok
10:48:27.0846 6992 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:48:27.0846 6992 tdx - ok
10:48:27.0861 6992 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:48:27.0861 6992 TermDD - ok
10:48:27.0892 6992 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:48:27.0908 6992 TermService - ok
10:48:27.0908 6992 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:48:27.0908 6992 Themes - ok
10:48:27.0924 6992 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:48:27.0924 6992 THREADORDER - ok
10:48:27.0939 6992 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:48:27.0939 6992 TrkWks - ok
10:48:27.0955 6992 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:48:27.0955 6992 TrustedInstaller - ok
10:48:27.0986 6992 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:48:27.0986 6992 tssecsrv - ok
10:48:28.0002 6992 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:48:28.0002 6992 TsUsbFlt - ok
10:48:28.0048 6992 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:48:28.0048 6992 tunnel - ok
10:48:28.0048 6992 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:48:28.0048 6992 uagp35 - ok
10:48:28.0126 6992 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
10:48:28.0126 6992 uCamMonitor - ok
10:48:28.0142 6992 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:48:28.0142 6992 udfs - ok
10:48:28.0158 6992 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:48:28.0158 6992 UI0Detect - ok
10:48:28.0173 6992 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:48:28.0173 6992 uliagpkx - ok
10:48:28.0204 6992 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:48:28.0204 6992 umbus - ok
10:48:28.0204 6992 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:48:28.0204 6992 UmPass - ok
10:48:28.0220 6992 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:48:28.0220 6992 upnphost - ok
10:48:28.0251 6992 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:48:28.0251 6992 usbaudio - ok
10:48:28.0267 6992 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:48:28.0267 6992 usbccgp - ok
10:48:28.0298 6992 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:48:28.0298 6992 usbcir - ok
10:48:28.0314 6992 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:48:28.0314 6992 usbehci - ok
10:48:28.0329 6992 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:48:28.0329 6992 usbhub - ok
10:48:28.0345 6992 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:48:28.0345 6992 usbohci - ok
10:48:28.0345 6992 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:48:28.0345 6992 usbprint - ok
10:48:28.0360 6992 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:48:28.0360 6992 USBSTOR - ok
10:48:28.0376 6992 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:48:28.0376 6992 usbuhci - ok
10:48:28.0376 6992 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:48:28.0376 6992 UxSms - ok
10:48:28.0392 6992 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:48:28.0392 6992 VaultSvc - ok
10:48:28.0392 6992 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:48:28.0407 6992 vdrvroot - ok
10:48:28.0423 6992 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:48:28.0423 6992 vds - ok
10:48:28.0438 6992 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:48:28.0438 6992 vga - ok
10:48:28.0454 6992 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:48:28.0454 6992 VgaSave - ok
10:48:28.0470 6992 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:48:28.0470 6992 vhdmp - ok
10:48:28.0470 6992 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:48:28.0470 6992 viaide - ok
10:48:28.0485 6992 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:48:28.0485 6992 volmgr - ok
10:48:28.0516 6992 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:48:28.0516 6992 volmgrx - ok
10:48:28.0532 6992 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:48:28.0532 6992 volsnap - ok
10:48:28.0548 6992 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:48:28.0548 6992 vsmraid - ok
10:48:28.0579 6992 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:48:28.0610 6992 VSS - ok
10:48:28.0641 6992 [ DC067801E8E3B664F25FF7D3E501926E ] vvftav211 C:\Windows\system32\drivers\vvftav211.sys
10:48:28.0672 6992 vvftav211 - ok
10:48:28.0688 6992 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:48:28.0688 6992 vwifibus - ok
10:48:28.0688 6992 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:48:28.0704 6992 vwififlt - ok
10:48:28.0719 6992 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:48:28.0719 6992 vwifimp - ok
10:48:28.0735 6992 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:48:28.0735 6992 W32Time - ok
10:48:28.0735 6992 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:48:28.0735 6992 WacomPen - ok
10:48:28.0750 6992 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:48:28.0750 6992 WANARP - ok
10:48:28.0750 6992 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:48:28.0750 6992 Wanarpv6 - ok
10:48:28.0813 6992 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:48:28.0813 6992 WatAdminSvc - ok
10:48:28.0844 6992 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:48:28.0875 6992 wbengine - ok
10:48:28.0891 6992 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:48:28.0891 6992 WbioSrvc - ok
10:48:28.0891 6992 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:48:28.0906 6992 wcncsvc - ok
10:48:28.0906 6992 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:48:28.0906 6992 WcsPlugInService - ok
10:48:28.0922 6992 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:48:28.0922 6992 Wd - ok
10:48:28.0938 6992 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:48:28.0938 6992 Wdf01000 - ok
10:48:28.0953 6992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:48:28.0953 6992 WdiServiceHost - ok
10:48:28.0953 6992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:48:28.0953 6992 WdiSystemHost - ok
10:48:28.0969 6992 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:48:28.0969 6992 WebClient - ok
10:48:28.0969 6992 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:48:28.0984 6992 Wecsvc - ok
10:48:28.0984 6992 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:48:28.0984 6992 wercplsupport - ok
10:48:29.0000 6992 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:48:29.0016 6992 WerSvc - ok
10:48:29.0016 6992 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:48:29.0016 6992 WfpLwf - ok
10:48:29.0031 6992 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:48:29.0031 6992 WIMMount - ok
10:48:29.0047 6992 WinDefend - ok
10:48:29.0047 6992 WinHttpAutoProxySvc - ok
10:48:29.0078 6992 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:48:29.0078 6992 Winmgmt - ok
10:48:29.0109 6992 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:48:29.0125 6992 WinRM - ok
10:48:29.0156 6992 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:48:29.0172 6992 Wlansvc - ok
10:48:29.0203 6992 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:48:29.0203 6992 wlcrasvc - ok
10:48:29.0296 6992 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:48:29.0328 6992 wlidsvc - ok
10:48:29.0374 6992 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:48:29.0374 6992 WmiAcpi - ok
10:48:29.0374 6992 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:48:29.0390 6992 wmiApSrv - ok
10:48:29.0390 6992 WMPNetworkSvc - ok
10:48:29.0390 6992 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:48:29.0390 6992 WPCSvc - ok
10:48:29.0406 6992 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:48:29.0406 6992 WPDBusEnum - ok
10:48:29.0406 6992 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:48:29.0406 6992 ws2ifsl - ok
10:48:29.0421 6992 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:48:29.0421 6992 wscsvc - ok
10:48:29.0421 6992 WSearch - ok
10:48:29.0468 6992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:48:31.0075 6992 ============================================================
10:48:31.0075 6992 Scan finished
10:48:31.0075 6992 ============================================================
10:48:31.0090 25760 Detected object count: 0
10:48:31.0090 25760 Actual detected object count: 0

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:30 AM

Posted 08 November 2012 - 02:36 PM

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it

Click on START. It should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

#4 lopezri

Posted 09 November 2012 - 10:12 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-09 18:45:11
-----------------------------
18:45:11.478 OS Version: Windows x64 6.1.7601 Service Pack 1
18:45:11.478 Number of processors: 12 586 0x2C02
18:45:11.478 ComputerName: RICHARDLOPEZ-PC UserName: Richard Lopez
18:45:14.582 Initialize success
19:08:44.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:08:44.612 Disk 0 Vendor: ST32000641AS CC13 Size: 1907729MB BusType: 3
19:08:44.612 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
19:08:44.628 Disk 1 Vendor: Hitachi_HDP725025GLA380 GM2OA57A Size: 238475MB BusType: 3
19:08:44.628 Disk 0 MBR read successfully
19:08:44.628 Disk 0 MBR scan
19:08:44.644 Disk 0 Windows 7 default MBR code
19:08:44.644 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:08:44.659 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
19:08:44.675 Disk 0 scanning C:\Windows\system32\drivers
19:08:51.008 Service scanning
19:09:01.398 Modules scanning
19:09:01.398 Disk 0 trace - called modules:
19:09:01.414 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:09:01.429 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800de1d790]
19:09:01.429 3 CLASSPNP.SYS[fffff880013ae43f] -> nt!IofCallDriver -> [0xfffffa800cd32e40]
19:09:01.429 5 ACPI.sys[fffff88000ecc7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800dbe4060]
19:09:01.445 Scan finished successfully
19:09:35.063 Disk 0 MBR has been saved successfully to "C:\Users\Richard Lopez\Documents\MBR.dat"
19:09:35.094 The log file has been saved successfully to "C:\Users\Richard Lopez\Documents\aswMBR.txt"

#5 lopezri

Posted 09 November 2012 - 10:14 PM

C:\C\Users\Richard Lopez\Desktop\BitZipperH2010.v12473332.TrialSetupEn.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\4zEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\4zEZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud28.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud44.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud54.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Richard Lopez\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\493cfab3-44baa1f4 Java/Exploit.CVE-2012-4681.P trojan deleted - quarantined
F:\Users\Richard Lopez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRGKQ0L7\SoftonicDownloader_for_avipreview[1].exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
F:\Users\Richard Lopez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZX0BATW4\6701-anyone-do-all-day-ball-stretching[1].html HTML/ScrInject.B.Gen virus deleted - quarantined
F:\Users\Richard Lopez\Desktop\BitZipperH2010.v12473332.TrialSetupEn.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

#6 narenxp

Posted 09 November 2012 - 10:45 PM

Malwarebytes log?

#7 lopezri

Posted 10 November 2012 - 01:36 PM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Richard Lopez :: RICHARDLOPEZ-PC [administrator]

Protection: Enabled

11/9/2012 7:12:17 PM
mbam-log-2012-11-09 (19-12-17).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1030197
Time elapsed: 2 hour(s), 52 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 narenxp

Posted 10 November 2012 - 01:43 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator

Now copy the following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it, then restart the PC

Now launch MiniToolBox, checkmark hosts contents alone and post the new log

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan is complete, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#9 lopezri

Posted 13 November 2012 - 07:03 PM

MiniToolBox by Farbar Version: 07-11-2012
Ran by Richard Lopez (administrator) on 13-11-2012 at 16:02:33
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

#10 lopezri

Posted 13 November 2012 - 07:10 PM

Farbar Service Scanner Version: 09-11-2012
Ran by Richard Lopez (administrator) on 13-11-2012 at 16:09:17
Running from "C:\Users\Richard Lopez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L12WAQ83"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 lopezri

Posted 13 November 2012 - 07:15 PM

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 16:11:29
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Richard Lopez - RICHARDLOPEZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Richard Lopez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7Q1ZKAD\2-adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\VisualBee_New
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Richard Lopez\AppData\Local\Conduit
Folder Deleted : C:\Users\Richard Lopez\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Richard Lopez\AppData\Local\vghd
Folder Deleted : C:\Users\Richard Lopez\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Richard Lopez\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Richard Lopez\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Richard Lopez\AppData\LocalLow\VisualBee_New
Folder Deleted : C:\Users\Richard Lopez\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_New
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2231EB1-EF1A-4961-B96D-2D7E2D1A9424}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2929250
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247429
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2231EB1-EF1A-4961-B96D-2D7E2D1A9424}
Key Deleted : HKLM\Software\VisualBee_New
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2231EB1-EF1A-4961-B96D-2D7E2D1A9424}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1F558AE-DF57-4ED7-8334-8DD266AFF7BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EBD40894-682F-4693-ADBD-4C38F57FEE7B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_New Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E8600F42-11E6-43BC-9BE1-CCA4FE85D358}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [5530 octets] - [13/11/2012 16:11:29]

########## EOF - C:\AdwCleaner[S1].txt - [5590 octets] ##########

#12 lopezri

Posted 13 November 2012 - 07:22 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.8 (11.13.2012)
OS: Windows 7 Home Premium x64
Ran by Richard Lopez on Tue 11/13/2012 at 16:18:17.07
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Richard Lopez\appdata\local\visi_coupon"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/13/2012 at 16:20:47.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13 lopezri

Posted 13 November 2012 - 07:25 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2012 04:24:43 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Program Files (x86)\HP\Button Manager\BM.exe (PID: 4332) [Mal-GEN]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Richard Lopez\Desktop\rkill\rkill-11-13-2012-04-24-47.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/13/2012 04:24:55 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

#14 narenxp

Posted 13 November 2012 - 09:03 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



