Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

possible file-affecting virus, blue screens


  • This topic is locked This topic is locked
38 replies to this topic

#1 ss624

ss624

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 11 November 2012 - 01:42 PM

Hi,
Hoping you can help me clean up my home computer. It has had various issues for several weeks, like redirecting browser pages, blue-screening when I attempt to open MS files from an email, and now I am seeing icons change and files not being recognized when I try to open them. For example, some of the jpg picture files in a directory will have a different icon and when I try to open them I get "invalid image" or a message indicating the the file may be damaged or corrupted.

When I try to uninstall Google Chrome, the computer will blue-screen every time.

I recently tried emailing a word file to my work email account, but the file wouldn't go through -- it didn't meet my company's zip file criteria.

When I try to open certain MS files, I get a message "The file you are trying to open, 'filename', is in a different format than specified by the file extension. Verify that the file is not corrupted and is from a trusted source before opening the file. Do you want to open the file now? [Yes, No, Help]"
Also, many files show the same, recent date modified.

Prior to finding your site, I tried running Malwarebytes a couple times, it found things to quarantine both times, but am still having some of the issues. My son has downloaded files without me around to double check the sites. Live and learn. We have an external hard drive that we didn't get hooked up after replacing our CPU months ago, so some of the files are recoverable, but am interested in fixing the issue. Please help!

S

BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 13 November 2012 - 02:24 AM

Hello, ss624
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


Please post the logfile from malwarebytes, you will find it under the Log-tab when you open the program. Also please do this:



  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 19 November 2012 - 01:11 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 24 November 2012 - 04:20 AM

This topic has been re-opened at the request of the person who originally posted.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 ss624

ss624
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 25 November 2012 - 02:03 PM

Hi,
Here are the file contents.
Logfile from Malwarebytes from 11/23/2012:
2012/11/23 10:48:42 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 10:48:42 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 10:50:53 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 10:50:53 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 10:57:06 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 10:57:07 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 10:58:35 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 10:59:04 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 10:59:33 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 10:59:34 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:03:25 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:03:26 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:06:15 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:06:15 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:07:46 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:08:46 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:08:47 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:09:24 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:16:04 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:16:04 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:16:57 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:17:46 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:27:35 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:27:36 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:28:53 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:32:29 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:32:29 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:33:46 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:33:59 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:35:00 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:35:00 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:39:11 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:39:12 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:39:55 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:40:30 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:40:30 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:50:16 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:51:46 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:51:46 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 11:51:54 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:51:55 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:56:17 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 11:56:45 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:03:18 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:03:26 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:03:28 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:04:26 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:04:26 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:17:40 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:18:12 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:18:13 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:18:46 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:18:47 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:28:22 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:28:22 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:28:22 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:30:57 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:30:57 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:38:54 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:40:16 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:40:17 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 12:40:35 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:40:35 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:49:14 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:49:15 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 12:59:54 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 13:01:09 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:01:11 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:01:24 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 13:01:24 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 13:11:04 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:11:05 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:16:36 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:16:37 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:16:37 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 13:19:38 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:19:39 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:21:01 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:22:35 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 13:22:36 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 13:37:10 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:53:17 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 13:53:17 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:09:26 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:23:36 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:25:59 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 14:26:00 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\n Trojan.0Access ALLOW
2012/11/23 14:29:50 -0600 DELL-PC Mom DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:29:51 -0600 DELL-PC Mom DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:31:54 -0600 DELL-PC Mom DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 14:43:23 -0600 DELL-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/11/23 14:44:18 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\n Trojan.0Access ALLOW
2012/11/23 14:44:19 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 14:44:20 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:45:44 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 14:45:44 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 14:45:59 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 14:59:09 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:06:25 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:07:11 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:07:12 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:07:37 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:07:38 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:16:39 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:20:43 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:20:43 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:20:47 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:30:07 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:30:08 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:34:21 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:35:18 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:35:18 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:46:17 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:50:21 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:50:21 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:52:26 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:52:27 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 15:52:43 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 15:52:43 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:01:50 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:02:17 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:07:35 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:07:42 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:07:42 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:14:33 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:14:33 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:18:06 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:18:06 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:29:09 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:29:09 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:34:13 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:34:13 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:38:13 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:38:15 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 16:39:19 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:39:20 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 16:54:23 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 17:00:52 -0600 DELL-PC Kristian DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/11/23 17:00:52 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\n Trojan.0Access ALLOW
2012/11/23 18:43:35 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 18:43:36 -0600 DELL-PC Kristian DETECTION C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@ Trojan.0Access ALLOW
2012/11/23 18:53:09 -0600 DELL-PC Mom MESSAGE Protection stopped

files from OTL:

OTL logfile created on: 11/23/2012 7:30:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 63.05% Memory free
15.83 Gb Paging File | 12.20 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 675.81 Gb Free Space | 73.73% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 19:30:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/07/11 09:50:32 | 001,810,016 | ---- | M] (We-Care.com) -- C:\ProgramData\WeCareReminder\ReminderHelper.exe
PRC - [2012/02/24 02:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/20 20:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/06 17:23:20 | 003,110,184 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
PRC - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/21 10:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/07 17:14:02 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
PRC - [2011/05/30 10:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 09:37:19 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/13 08:58:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 08:58:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 08:58:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 08:58:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 08:58:11 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/09 02:39:10 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/09 02:39:06 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/05/09 02:37:13 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/09 02:37:12 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/09 02:37:10 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/09 02:37:09 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/09 02:36:30 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/09 02:34:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 02:33:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 02:33:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c764ad83cd3287fc59a3dc02e08ad1ea\System.Xml.ni.dll
MOD - [2012/05/09 02:33:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 02:33:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 02:33:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/05/30 10:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/05/30 10:25:10 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2011/05/30 10:25:10 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Services (SafeList) ==========

SRV:64bit: - [2011/01/21 12:37:44 | 000,179,008 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2011/01/21 12:37:40 | 000,119,104 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2011/01/21 12:37:32 | 000,121,152 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/11/09 00:38:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 22:16:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/24 21:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 16:36:54 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/10 16:36:54 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 16:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 17:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/21 12:45:28 | 000,173,376 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2011/01/21 12:45:26 | 001,465,664 | R--- | M] (Authentium, Inc) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/09 10:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
IE:64bit: - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm256YYUS&ptb=m57D3.dHlYhw2qms0BDTMQ&ind=2011071623&ptnrS=ZLxdm256YYUS&si=1579cid3&n=77de8487&psa=&st=sb&searchfor={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
IE - HKLM\..\SearchScopes\{4C967C34-494F-A273-F943-197462EBEB45}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = C7 40 87 05 E9 E4 21 46 B0 0D 7F F8 49 CF B2 5C [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10E158C6-DA5B-4A10-A083-9608AC2AA795}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120418,17118,0,18,0
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
IE - HKCU\..\SearchScopes\{4C967C34-494F-A273-F943-197462EBEB45}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=VIATDF
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm256YYUS&ptb=m57D3.dHlYhw2qms0BDTMQ&ind=2011071623&ptnrS=ZLxdm256YYUS&si=1579cid3&n=77de8487&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPIA_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={131891F9-0AFA-4121-8C35-485A3BFBB7DD}&mid=295cd4bd64a347d18748d15a95b77d1e-f0b9723cf3086398fec605bfd2e3f11284cfcf6a&lang=en&ds=ins10&pr=&d=2011-12-29 22:45:01&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NSS&chn=retail&geo=US&ver=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: SpeedDial = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: Google Search = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\iavlsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\iavlsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\iavlsp64.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{174BF5CD-9E9E-4C16-BCCB-831207D21C61}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8351f958-5a7e-11e1-a733-d4bed9c31e59}\Shell - "" = AutoRun
O33 - MountPoints2\{8351f958-5a7e-11e1-a733-d4bed9c31e59}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 19:29:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/11/21 20:53:55 | 000,000,000 | ---D | C] -- C:\Eclipse Minecraft
[2012/11/18 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\fontconfig
[2012/11/18 14:17:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\gegl-0.2
[2012/11/18 14:17:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\.gimp-2.8
[2012/11/18 14:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/11/18 14:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP 2
[2012/11/18 14:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Xyyp
[2012/11/11 13:33:49 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\.minecraft
[2012/11/09 19:10:37 | 000,000,000 | ---D | C] -- C:\Minecraft Modding
[2012/11/09 00:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/11/08 21:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/08 21:32:56 | 000,000,000 | -HSD | C] -- C:\found.001

========== Files - Modified Within 30 Days ==========

[2012/11/23 19:30:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/11/23 18:52:44 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 18:50:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-241259444-1052327761-1586698134-1003UA.job
[2012/11/23 18:50:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-241259444-1052327761-1586698134-1003Core.job
[2012/11/23 18:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 18:42:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 18:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 14:34:44 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/11/23 10:55:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 10:55:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 10:53:00 | 000,783,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 10:53:00 | 000,663,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 10:53:00 | 000,122,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/23 10:47:45 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/11/23 10:47:36 | 2078,769,151 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/17 18:51:11 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2012/11/11 12:07:41 | 341,261,887 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/09 09:33:46 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/08 21:50:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/29 20:48:46 | 000,546,982 | ---- | M] () -- C:\Users\Mom\Desktop\BettyNarvEddie_spouses.jpg
[2012/10/29 20:41:08 | 000,062,866 | ---- | M] () -- C:\Users\Mom\Documents\book_club_0809_2.com.rtf
[2012/10/29 20:41:06 | 000,011,002 | ---- | M] () -- C:\Users\Mom\Desktop\Zombatar_1.jpg
[2012/10/29 20:41:06 | 000,010,941 | ---- | M] () -- C:\Users\Mom\Desktop\Zombatar_2.jpg
[2012/10/29 20:41:05 | 073,894,886 | ---- | M] () -- C:\Users\Mom\Desktop\kitsolocut.wmv
[2012/10/29 20:41:05 | 000,423,936 | ---- | M] () -- C:\Users\Mom\Desktop\lfxO3.jpg
[2012/10/29 20:41:05 | 000,101,213 | ---- | M] () -- C:\Users\Mom\Desktop\ski2012.jpg
[2012/10/29 20:41:05 | 000,051,884 | ---- | M] () -- C:\Users\Mom\Desktop\FHmg3.jpg
[2012/10/29 20:41:05 | 000,016,047 | -HS- | M] () -- C:\Users\Mom\Desktop\Folder.jpg
[2012/10/29 20:41:05 | 000,006,831 | ---- | M] () -- C:\Users\Mom\Desktop\skijammers2012.jpg
[2012/10/29 20:41:05 | 000,003,306 | -HS- | M] () -- C:\Users\Mom\Desktop\AlbumArtSmall.jpg
[2012/10/29 20:41:05 | 000,003,306 | -HS- | M] () -- C:\Users\Mom\Desktop\AlbumArt_{F3138457-05CC-412F-918D-D5DB575A8B2E}_Small.jpg

========== Files Created - No Company Name ==========

[2012/11/17 18:51:11 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2012/11/08 21:50:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 17:28:08 | 000,546,982 | ---- | C] () -- C:\Users\Mom\Desktop\BettyNarvEddie_spouses.jpg
[2012/09/18 17:47:23 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2012/09/18 17:46:50 | 000,384,844 | ---- | C] () -- C:\Users\Mom\AppData\Local\funmoods-speeddial.crx
[2012/09/14 21:58:08 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2012/08/07 12:49:20 | 004,608,000 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/06/02 20:06:30 | 000,000,042 | ---- | C] () -- C:\Users\Mom\stuff.vbs
[2012/04/29 17:22:11 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/25 15:37:48 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/22 22:09:20 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/02/10 16:15:42 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/10 16:15:40 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/10 16:15:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 10:10:51 | 000,796,882 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2011/11/17 00:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\@
[2012/10/15 19:50:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\L
[2012/11/09 00:34:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U
[2012/10/16 18:37:03 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\L\00000004.@
[2012/10/04 17:02:38 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U\00000004.@
[2012/10/16 18:37:01 | 000,087,040 | ---- | M] () -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U\80000032.@
[2012/10/16 18:37:03 | 000,073,216 | ---- | M] () -- C:\Windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U\80000064.@
[2012/11/20 16:36:11 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\@
[2012/11/20 16:36:11 | 000,026,112 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\n
[2012/10/17 17:07:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\L
[2012/11/21 15:50:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U
[2012/11/08 21:35:16 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\L\00000004.@
[2012/11/21 15:50:05 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\00000001.@
[2012/11/21 15:50:05 | 000,014,848 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\80000000.@
[2012/11/21 15:50:05 | 000,025,088 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\U\800000cb.@
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/11/08 21:35:16 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/11/08 21:35:16 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\n -- [2012/11/20 16:36:11 | 000,026,112 | -HS- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/11 13:34:36 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\.minecraft
[2012/03/31 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012/02/25 15:14:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Blio
[2012/05/20 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2012/02/18 16:35:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Fingertapps
[2012/03/02 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\iolo
[2012/03/30 18:58:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Oberon Media
[2012/11/22 22:55:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SoftGrid Client
[2012/11/09 20:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Synthesia
[2012/02/23 20:08:42 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\TP
[2012/04/11 19:07:03 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\wargaming.net
[2012/11/04 12:35:36 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent
[2012/11/18 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Xyyp

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E92B63EF

< End of report >


OTL Extras logfile created on: 11/23/2012 7:30:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 63.05% Memory free
15.83 Gb Paging File | 12.20 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 675.81 Gb Free Space | 73.73% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}" = TrustedID IDMonitor Identity Protection
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5F29D5E7-8C01-4695-8A38-9F94BC3EAD40}" = TurboTax 2011 wmniper
"{63661EBF-B4DC-4993-AF40-9F81178A3404}" = TurboTax 2011 wndiper
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119584190}" = Bejeweled 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{882362E0-C71A-411B-B16F-46D1B66E1890}_is1" = iolo technologies' System Shield
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = ASPCA Reminder by We-Care.com v4.1.18.1
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"Civilization V" = Sid Meier's Civilization V
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Google Chrome" = Google Chrome
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Speed Dial Utility" = Canon Speed Dial Utility
"Steam App 24860" = Battlefield 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Synthesia" = Synthesia (remove only)
"TurboTax 2011" = TurboTax 2011
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley ™
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"WTA-0f721f18-26d3-40ef-b594-5ae0a3428f31" = SpongeBob SquarePants Krabby Quest
"WTA-1e5b8b96-007c-49b7-84e4-399f63288256" = SpongeBob Obstacle Odyssey 2
"WTA-842a8f41-fad0-41a4-8434-ccdbfe7fc881" = SpongeBob SquarePants 3D Obstacle Odyssey
"WTA-85c856e9-0ac2-4651-9218-4b09b5a896b7" = SpongeBob Typing
"WTA-ee32d554-c7fa-4e3a-9d88-21d04aa53262" = SpongeBob Diner Dash 2
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2012 10:45:40 AM | Computer Name = Dell-pc | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


Error - 11/9/2012 11:09:15 AM | Computer Name = Dell-pc | Source = WinMgmt | ID = 10
Description =

Error - 11/9/2012 11:18:10 AM | Computer Name = Dell-pc | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


Error - 11/9/2012 11:36:05 AM | Computer Name = Dell-pc | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16450, time
stamp: 0x50372c8a Exception code: 0xc0000005 Fault offset: 0x001d9ad6 Faulting process
id: 0xb7c Faulting application start time: 0x01cdbe8c203c14b0 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 2c1c0f39-2a83-11e2-bc88-d4bed9c31e59

Error - 11/9/2012 11:41:41 AM | Computer Name = Dell-pc | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: Flash32_11_5_502_110.ocx, version: 11.5.502.110,
time stamp: 0x508de0c5 Exception code: 0xc0000005 Fault offset: 0x004a82f9 Faulting
process id: 0x1ee4 Faulting application start time: 0x01cdbe90031bd919 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_110.ocx
Report
Id: f490279d-2a83-11e2-bc88-d4bed9c31e59

Error - 11/9/2012 12:08:21 PM | Computer Name = Dell-pc | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16450, time
stamp: 0x50372c8a Exception code: 0xc0000005 Fault offset: 0x001d9ad6 Faulting process
id: 0x71c Faulting application start time: 0x01cdbe90d4517864 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: ae38804c-2a87-11e2-bc88-d4bed9c31e59

Error - 11/9/2012 12:59:19 PM | Computer Name = Dell-pc | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16450, time
stamp: 0x50372c8a Exception code: 0xc0000005 Fault offset: 0x001d9ad6 Faulting process
id: 0x884 Faulting application start time: 0x01cdbe9527821f43 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: ccd394e6-2a8e-11e2-bc88-d4bed9c31e59

Error - 11/9/2012 1:53:53 PM | Computer Name = Dell-pc | Source = .NET Runtime | ID = 1023
Description =

Error - 11/9/2012 1:53:55 PM | Computer Name = Dell-pc | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: coreclr.dll, version: 4.1.10329.0, time
stamp: 0x4f740d41 Exception code: 0xc0000005 Fault offset: 0x0001e26a Faulting process
id: 0x126c Faulting application start time: 0x01cdbe9ba497849d Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: c:\Program Files
(x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll Report Id: 6d421786-2a96-11e2-bc88-d4bed9c31e59

Error - 11/9/2012 2:12:50 PM | Computer Name = Dell-pc | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 10/5/2012 11:01:58 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/5/2012 11:01:58 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 10/5/2012 11:03:59 PM | Computer Name = Dell-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:02:35 PM on ?10/?5/?2012 was unexpected.

Error - 10/5/2012 11:04:00 PM | Computer Name = DELL-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/5/2012 11:04:03 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7000
Description = The Active Malware Protection Support Driver service failed to start
due to the following error: %%2

Error - 10/5/2012 11:04:03 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 10/5/2012 11:04:03 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7003
Description = The iolo System Service service depends the following service: BITS.
This service might not be installed.

Error - 10/5/2012 11:04:03 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/5/2012 11:04:04 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 10/5/2012 11:04:06 PM | Computer Name = Dell-pc | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


< End of report >


After installing and running the scan on aswMBR, the computer bluescreened during the scan. I then reran it; file contents are shown here:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-23 19:58:21
-----------------------------
19:58:21.002 OS Version: Windows x64 6.1.7601 Service Pack 1
19:58:21.002 Number of processors: 4 586 0x2A07
19:58:21.002 ComputerName: DELL-PC UserName: Mom
19:58:23.857 Initialize success
19:59:02.599 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-23 20:00:27
-----------------------------
20:00:27.669 OS Version: Windows x64 6.1.7601 Service Pack 1
20:00:27.669 Number of processors: 4 586 0x2A07
20:00:27.670 ComputerName: DELL-PC UserName: Mom
20:01:14.195 Initialze error C000010E - driver not loaded
20:01:14.205 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
20:02:19.569 AVAST engine defs: 12112302
20:02:49.994 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

Let me know if I forgot anything or if you would rather have the actual files attached.

ss

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 01 December 2012 - 01:39 PM

Next, download ComboFix Save to the Desktop
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 ss624

ss624
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 02 December 2012 - 10:46 AM

Here is the combofix text file:

ComboFix 12-12-01.02 - Mom 12/02/2012 9:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.6488 [GMT -6:00]
Running from: c:\users\Mom\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\@
c:\$recycle.bin\S-1-5-18\$bacd7749a4494b33b7e661d3df88444f\n
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\programdata\wxDfast
c:\programdata\wxDfast\bhoclass.dll
c:\programdata\wxDfast\content.js
c:\programdata\wxDfast\data\content.js
c:\programdata\wxDfast\data\jsondb.js
c:\programdata\wxDfast\settings.ini
c:\users\dad\WINDOWS
c:\users\Kristian\WINDOWS
c:\users\Kristian\WINDOWS\windows movie macker.msi
c:\users\MJN\WINDOWS
c:\users\Mom\WINDOWS
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\@
c:\windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\L\00000004.@
c:\windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\L\201d3dde
c:\windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U\00000004.@
c:\windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U\80000032.@
c:\windows\Installer\{bacd7749-a449-4b33-b7e6-61d3df88444f}\U\80000064.@
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 15:18 . 2012-12-02 15:18 -------- d-----w- c:\users\MJN\AppData\Local\temp
2012-12-02 15:18 . 2012-12-02 15:18 -------- d-----w- c:\users\Kristian\AppData\Local\temp
2012-12-02 15:18 . 2012-12-02 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 15:18 . 2012-12-02 15:18 -------- d-----w- c:\users\dad\AppData\Local\temp
2012-11-30 23:17 . 2012-11-30 23:17 -------- d-sh--w- c:\users\MJN\PrivacIE
2012-11-30 23:17 . 2012-11-30 23:17 -------- d-----w- c:\users\MJN\AppData\Roaming\Apple Computer
2012-11-23 16:53 . 2012-11-23 16:53 -------- d-----w- c:\users\Kristian\AppData\Roaming\Notepad++
2012-11-22 02:53 . 2012-11-22 02:55 -------- d-----w- C:\Eclipse Minecraft
2012-11-18 21:08 . 2012-11-18 21:08 -------- d-----w- c:\users\Kristian\AppData\Local\webkit
2012-11-18 20:47 . 2012-11-18 20:47 -------- d-----w- c:\users\Kristian\.thumbnails
2012-11-18 20:21 . 2012-11-18 20:21 -------- d-----w- c:\users\Kristian\AppData\Local\fontconfig
2012-11-18 20:21 . 2012-11-22 00:49 -------- d-----w- c:\users\Kristian\.gimp-2.8
2012-11-18 20:21 . 2012-11-18 20:21 -------- d-----w- c:\users\Kristian\AppData\Local\gegl-0.2
2012-11-18 20:17 . 2012-11-18 20:17 -------- d-----w- c:\users\Mom\AppData\Local\fontconfig
2012-11-18 20:17 . 2012-11-18 20:19 -------- d-----w- c:\users\Mom\.gimp-2.8
2012-11-18 20:17 . 2012-11-18 20:17 -------- d-----w- c:\users\Mom\AppData\Local\gegl-0.2
2012-11-18 20:17 . 2012-11-23 01:30 -------- d-----w- c:\program files\GIMP 2
2012-11-18 20:12 . 2012-11-23 01:30 -------- d-----w- c:\program files (x86)\GIMP 2
2012-11-18 20:09 . 2012-11-18 20:10 -------- d-----w- c:\users\Mom\AppData\Roaming\Xyyp
2012-11-18 18:01 . 2012-11-18 18:01 -------- d-----w- c:\users\Kristian\AppData\Roaming\Veir
2012-11-17 23:06 . 2012-11-17 23:06 -------- d-----w- c:\users\Kristian\AppData\Roaming\dclogs
2012-11-11 19:33 . 2012-11-11 19:34 -------- d-----w- c:\users\Mom\AppData\Roaming\.minecraft
2012-11-10 01:10 . 2012-11-10 01:11 -------- d-----w- C:\Minecraft Modding
2012-11-09 03:32 . 2012-11-09 03:32 -------- d-----w- C:\found.001
2012-11-05 01:34 . 2012-11-05 01:34 -------- d-----w- c:\users\dad\AppData\Local\My Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 07:01 . 2012-12-02 15:31 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DD6A30D-AF4E-4627-8329-EA6745A056CF}\mpengine.dll
2012-11-09 06:38 . 2012-04-11 03:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 06:38 . 2012-02-10 20:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 02:48 . 2012-04-14 02:48 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-30 01:54 . 2012-10-07 17:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 08:02 . 2012-02-23 03:59 64462936 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-05-11 21:59 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe" [2009-07-14 646144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-20 1255736]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 23464]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-06 722616]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:38]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 22:49]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 22:49]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-241259444-1052327761-1586698134-1003Core.job
- c:\users\dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 05:10]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-241259444-1052327761-1586698134-1003UA.job
- c:\users\dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 05:10]
.
2012-11-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-12-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0CtAtC0EyDzyyEtB0AzztN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1088973111
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=22c05ab5-4a4a-47a4-860f-4f34470c83d2&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll
Toolbar-Locked - (no file)
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\progra~2\Funmoods\1.5.23.22\escorTlbr.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"=hex:51,66,7a,6c,4c,1d,38,12,82,71,d1,
a0,ac,a3,a0,0f,d9,e4,d6,18,c2,ac,da,e7
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}"=hex:51,66,7a,6c,4c,1d,38,12,c4,b3,f8,
71,26,0c,da,09,ef,fa,a0,a0,7b,93,40,e3
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fe,54,28,76,73,96,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\programdata\WeCareReminder\ReminderHelper.exe
.
**************************************************************************
.
Completion time: 2012-12-02 09:41:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-02 15:41
.
Pre-Run: 730,093,776,896 bytes free
Post-Run: 737,550,958,592 bytes free
.
- - End Of File - - C66BBF301C13111E4382D66B70749A86

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 03 December 2012 - 02:20 AM

Hi,

How is it running now?

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 ss624

ss624
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 04 December 2012 - 11:04 PM

Seems to be running fine, but I haven't used it much lately.
When I rshut down after the last session using combofix, there were a number of updates that were installing, then the next time I booted up I got a window saying the computer was applying update operations. Apparently MS Windows Malicious SW Removal tool? and it detected "Trojan: DOS/Alureon.A"

There is also an annoying "funmoods toolbar" add-on that keeps wanting me to enable it.

Anyway, thanks for all your help here.
The contents of the TDSSKiller log:

1:54:28.0454 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:54:28.0804 3968 ============================================================
21:54:28.0804 3968 Current date / time: 2012/12/04 21:54:28.0804
21:54:28.0804 3968 SystemInfo:
21:54:28.0804 3968
21:54:28.0804 3968 OS Version: 6.1.7601 ServicePack: 1.0
21:54:28.0804 3968 Product type: Workstation
21:54:28.0804 3968 ComputerName: DELL-PC
21:54:28.0804 3968 UserName: Mom
21:54:28.0804 3968 Windows directory: C:\Windows
21:54:28.0804 3968 System windows directory: C:\Windows
21:54:28.0804 3968 Running under WOW64
21:54:28.0804 3968 Processor architecture: Intel x64
21:54:28.0804 3968 Number of processors: 4
21:54:28.0804 3968 Page size: 0x1000
21:54:28.0804 3968 Boot type: Normal boot
21:54:28.0804 3968 ============================================================
21:54:35.0569 3968 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:54:35.0585 3968 ============================================================
21:54:35.0585 3968 \Device\Harddisk0\DR0:
21:54:35.0595 3968 MBR partitions:
21:54:35.0595 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
21:54:35.0595 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x72952000
21:54:35.0595 3968 ============================================================
21:54:35.0983 3968 C: <-> \Device\Harddisk0\DR0\Partition2
21:54:35.0983 3968 ============================================================
21:54:35.0983 3968 Initialize success
21:54:35.0983 3968 ============================================================
21:54:57.0558 6776 ============================================================
21:54:57.0558 6776 Scan started
21:54:57.0558 6776 Mode: Manual;
21:54:57.0558 6776 ============================================================
21:55:12.0114 6776 ================ Scan system memory ========================
21:55:12.0114 6776 System memory - ok
21:55:12.0114 6776 ================ Scan services =============================
21:55:13.0376 6776 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:55:13.0409 6776 1394ohci - ok
21:55:13.0459 6776 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:55:13.0469 6776 ACPI - ok
21:55:13.0546 6776 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:55:13.0548 6776 AcpiPmi - ok
21:55:13.0944 6776 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:55:14.0450 6776 AdobeFlashPlayerUpdateSvc - ok
21:55:15.0656 6776 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:55:15.0671 6776 adp94xx - ok
21:55:15.0694 6776 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:55:15.0698 6776 adpahci - ok
21:55:15.0711 6776 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:55:15.0713 6776 adpu320 - ok
21:55:15.0743 6776 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:55:15.0745 6776 AeLookupSvc - ok
21:55:15.0801 6776 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:55:15.0805 6776 AFD - ok
21:55:15.0841 6776 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:55:15.0843 6776 agp440 - ok
21:55:15.0914 6776 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:55:15.0947 6776 ALG - ok
21:55:15.0980 6776 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:55:15.0981 6776 aliide - ok
21:55:15.0993 6776 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:55:15.0995 6776 amdide - ok
21:55:16.0002 6776 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:55:16.0078 6776 AmdK8 - ok
21:55:16.0101 6776 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:55:16.0103 6776 AmdPPM - ok
21:55:16.0523 6776 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:55:16.0773 6776 amdsata - ok
21:55:16.0866 6776 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:55:16.0882 6776 amdsbs - ok
21:55:16.0899 6776 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:55:16.0900 6776 amdxata - ok
21:55:16.0955 6776 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:55:16.0967 6776 AppID - ok
21:55:16.0984 6776 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:55:16.0989 6776 AppIDSvc - ok
21:55:17.0038 6776 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:55:17.0040 6776 Appinfo - ok
21:55:17.0179 6776 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:55:17.0189 6776 arc - ok
21:55:17.0225 6776 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:55:17.0227 6776 arcsas - ok
21:55:17.0426 6776 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:55:17.0449 6776 aspnet_state - ok
21:55:17.0472 6776 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:17.0489 6776 AsyncMac - ok
21:55:17.0585 6776 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:55:17.0586 6776 atapi - ok
21:55:17.0639 6776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:55:17.0645 6776 AudioEndpointBuilder - ok
21:55:17.0708 6776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:55:17.0711 6776 AudioSrv - ok
21:55:17.0749 6776 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:55:17.0777 6776 AxInstSV - ok
21:55:17.0851 6776 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:55:17.0893 6776 b06bdrv - ok
21:55:17.0951 6776 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:17.0954 6776 b57nd60a - ok
21:55:18.0067 6776 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:55:18.0068 6776 BDESVC - ok
21:55:18.0080 6776 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:55:18.0081 6776 Beep - ok
21:55:18.0172 6776 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:55:18.0193 6776 BFE - ok
21:55:18.0434 6776 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:55:18.0458 6776 BITS - ok
21:55:18.0526 6776 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:18.0527 6776 blbdrive - ok
21:55:18.0687 6776 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:55:18.0737 6776 Bonjour Service - ok
21:55:18.0840 6776 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:55:18.0876 6776 bowser - ok
21:55:18.0889 6776 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:55:18.0891 6776 BrFiltLo - ok
21:55:18.0898 6776 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:55:18.0899 6776 BrFiltUp - ok
21:55:18.0908 6776 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:55:18.0911 6776 BridgeMP - ok
21:55:18.0948 6776 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:55:18.0949 6776 Browser - ok
21:55:18.0963 6776 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:55:18.0966 6776 Brserid - ok
21:55:18.0978 6776 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:18.0980 6776 BrSerWdm - ok
21:55:18.0982 6776 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:18.0982 6776 BrUsbMdm - ok
21:55:18.0995 6776 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:18.0997 6776 BrUsbSer - ok
21:55:19.0014 6776 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:55:19.0015 6776 BTHMODEM - ok
21:55:19.0046 6776 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:55:19.0047 6776 bthserv - ok
21:55:19.0059 6776 catchme - ok
21:55:19.0072 6776 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:55:19.0073 6776 cdfs - ok
21:55:19.0084 6776 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:55:19.0085 6776 cdrom - ok
21:55:19.0107 6776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:55:19.0108 6776 CertPropSvc - ok
21:55:19.0121 6776 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:55:19.0122 6776 circlass - ok
21:55:19.0137 6776 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:55:19.0140 6776 CLFS - ok
21:55:19.0177 6776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:19.0178 6776 clr_optimization_v2.0.50727_32 - ok
21:55:19.0193 6776 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:55:19.0195 6776 clr_optimization_v2.0.50727_64 - ok
21:55:19.0227 6776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:55:19.0228 6776 clr_optimization_v4.0.30319_32 - ok
21:55:19.0245 6776 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:55:19.0299 6776 clr_optimization_v4.0.30319_64 - ok
21:55:19.0302 6776 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:55:19.0303 6776 CmBatt - ok
21:55:19.0323 6776 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:55:19.0324 6776 cmdide - ok
21:55:19.0444 6776 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:55:19.0449 6776 CNG - ok
21:55:19.0664 6776 [ 5C855932E4DF00B1B6F5F6F57E82B6C5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:55:19.0670 6776 CnxtHdAudService - ok
21:55:19.0722 6776 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:55:19.0723 6776 Compbatt - ok
21:55:19.0746 6776 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:55:19.0747 6776 CompositeBus - ok
21:55:19.0753 6776 COMSysApp - ok
21:55:19.0762 6776 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:55:19.0763 6776 crcdisk - ok
21:55:19.0852 6776 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:55:19.0853 6776 CryptSvc - ok
21:55:20.0066 6776 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:55:20.0073 6776 cvhsvc - ok
21:55:20.0361 6776 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:55:20.0554 6776 dc3d - ok
21:55:20.0846 6776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:55:20.0886 6776 DcomLaunch - ok
21:55:20.0966 6776 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:55:20.0978 6776 defragsvc - ok
21:55:20.0996 6776 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:55:21.0056 6776 DfsC - ok
21:55:21.0092 6776 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:55:21.0096 6776 Dhcp - ok
21:55:21.0148 6776 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:55:21.0148 6776 discache - ok
21:55:21.0214 6776 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:55:21.0215 6776 Disk - ok
21:55:21.0337 6776 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:55:21.0396 6776 Dnscache - ok
21:55:21.0425 6776 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:55:21.0469 6776 dot3svc - ok
21:55:21.0521 6776 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:55:21.0524 6776 DPS - ok
21:55:21.0619 6776 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:55:21.0620 6776 drmkaud - ok
21:55:21.0854 6776 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:55:21.0858 6776 DXGKrnl - ok
21:55:21.0899 6776 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:55:21.0901 6776 EapHost - ok
21:55:22.0948 6776 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:55:23.0140 6776 ebdrv - ok
21:55:23.0268 6776 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:55:23.0270 6776 EFS - ok
21:55:23.0323 6776 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:55:23.0334 6776 ehRecvr - ok
21:55:23.0367 6776 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:55:23.0377 6776 ehSched - ok
21:55:23.0426 6776 [ D38A883309E04B9FBFFE1ACA60EA3BBF ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
21:55:23.0426 6776 ElRawDisk - ok
21:55:23.0458 6776 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:55:23.0467 6776 elxstor - ok
21:55:23.0486 6776 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:55:23.0487 6776 ErrDev - ok
21:55:23.0669 6776 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:55:23.0728 6776 EventSystem - ok
21:55:23.0756 6776 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:55:23.0758 6776 exfat - ok
21:55:23.0781 6776 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:55:23.0789 6776 fastfat - ok
21:55:23.0837 6776 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:55:24.0185 6776 Fax - ok
21:55:24.0204 6776 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:55:24.0218 6776 fdc - ok
21:55:24.0260 6776 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:55:24.0268 6776 fdPHost - ok
21:55:24.0291 6776 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:55:24.0292 6776 FDResPub - ok
21:55:24.0309 6776 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:55:24.0311 6776 FileInfo - ok
21:55:24.0322 6776 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:55:24.0323 6776 Filetrace - ok
21:55:24.0350 6776 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:55:24.0351 6776 flpydisk - ok
21:55:24.0369 6776 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:55:24.0372 6776 FltMgr - ok
21:55:24.0762 6776 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:55:24.0928 6776 FontCache - ok
21:55:25.0114 6776 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:55:25.0114 6776 FontCache3.0.0.0 - ok
21:55:25.0155 6776 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:55:25.0157 6776 FsDepends - ok
21:55:25.0208 6776 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:55:25.0208 6776 Fs_Rec - ok
21:55:25.0251 6776 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:55:25.0255 6776 fvevol - ok
21:55:25.0271 6776 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:55:25.0273 6776 gagp30kx - ok
21:55:25.0643 6776 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:55:25.0754 6776 GamesAppService - ok
21:55:25.0833 6776 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:55:25.0841 6776 gpsvc - ok
21:55:26.0189 6776 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:55:26.0193 6776 gupdate - ok
21:55:26.0508 6776 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:55:26.0509 6776 gupdatem - ok
21:55:26.0747 6776 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:55:26.0756 6776 gusvc - ok
21:55:26.0814 6776 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:55:26.0816 6776 hcw85cir - ok
21:55:26.0865 6776 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:55:26.0902 6776 HDAudBus - ok
21:55:26.0923 6776 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:55:26.0939 6776 HidBatt - ok
21:55:26.0964 6776 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:55:26.0986 6776 HidBth - ok
21:55:27.0023 6776 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:55:27.0030 6776 HidIr - ok
21:55:27.0112 6776 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:55:27.0114 6776 hidserv - ok
21:55:27.0136 6776 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:55:27.0137 6776 HidUsb - ok
21:55:27.0188 6776 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:55:27.0204 6776 hkmsvc - ok
21:55:27.0309 6776 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:55:27.0326 6776 HomeGroupListener - ok
21:55:27.0394 6776 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:55:27.0414 6776 HomeGroupProvider - ok
21:55:27.0435 6776 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:55:27.0437 6776 HpSAMD - ok
21:55:27.0462 6776 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:55:27.0469 6776 HTTP - ok
21:55:27.0474 6776 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:55:27.0474 6776 hwpolicy - ok
21:55:27.0492 6776 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:55:27.0494 6776 i8042prt - ok
21:55:27.0514 6776 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:55:27.0519 6776 iaStorV - ok
21:55:27.0629 6776 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:55:27.0631 6776 IDriverT - ok
21:55:27.0658 6776 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:55:27.0666 6776 idsvc - ok
21:55:28.0075 6776 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:55:28.0248 6776 igfx - ok
21:55:28.0287 6776 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:55:28.0290 6776 iirsp - ok
21:55:28.0480 6776 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:55:28.0554 6776 IKEEXT - ok
21:55:28.0720 6776 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:55:28.0731 6776 IntcDAud - ok
21:55:28.0795 6776 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:55:28.0796 6776 intelide - ok
21:55:28.0834 6776 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:55:28.0835 6776 intelppm - ok
21:55:29.0059 6776 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:55:29.0059 6776 IntuitUpdateServiceV4 - ok
21:55:29.0139 6776 [ 8C2D445F874CB05773B813ED853607CF ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
21:55:29.0142 6776 ioloSystemService - ok
21:55:29.0155 6776 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:55:29.0158 6776 IPBusEnum - ok
21:55:29.0166 6776 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:29.0169 6776 IpFilterDriver - ok
21:55:29.0237 6776 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:55:29.0243 6776 iphlpsvc - ok
21:55:29.0260 6776 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:55:29.0262 6776 IPMIDRV - ok
21:55:29.0278 6776 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:55:29.0281 6776 IPNAT - ok
21:55:29.0298 6776 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:55:29.0300 6776 IRENUM - ok
21:55:29.0312 6776 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:55:29.0314 6776 isapnp - ok
21:55:29.0327 6776 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:55:29.0330 6776 iScsiPrt - ok
21:55:29.0349 6776 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:55:29.0349 6776 kbdclass - ok
21:55:29.0367 6776 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:55:29.0368 6776 kbdhid - ok
21:55:29.0379 6776 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:55:29.0380 6776 KeyIso - ok
21:55:29.0421 6776 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:55:29.0431 6776 KSecDD - ok
21:55:29.0463 6776 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:55:29.0465 6776 KSecPkg - ok
21:55:29.0495 6776 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:55:29.0496 6776 ksthunk - ok
21:55:29.0515 6776 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:55:29.0521 6776 KtmRm - ok
21:55:29.0560 6776 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:55:29.0564 6776 LanmanServer - ok
21:55:30.0580 6776 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:55:30.0589 6776 LanmanWorkstation - ok
21:55:30.0938 6776 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:55:30.0946 6776 lltdio - ok
21:55:31.0289 6776 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:55:31.0344 6776 lltdsvc - ok
21:55:31.0390 6776 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:55:31.0391 6776 lmhosts - ok
21:55:31.0440 6776 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:55:31.0512 6776 LSI_FC - ok
21:55:31.0585 6776 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:55:31.0596 6776 LSI_SAS - ok
21:55:31.0606 6776 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:55:31.0607 6776 LSI_SAS2 - ok
21:55:31.0621 6776 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:55:31.0623 6776 LSI_SCSI - ok
21:55:31.0634 6776 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:55:31.0636 6776 luafv - ok
21:55:31.0653 6776 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:55:31.0655 6776 Mcx2Svc - ok
21:55:31.0668 6776 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:55:31.0669 6776 megasas - ok
21:55:31.0685 6776 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:55:31.0687 6776 MegaSR - ok
21:55:31.0721 6776 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:55:31.0722 6776 MEIx64 - ok
21:55:31.0873 6776 Microsoft SharePoint Workspace Audit Service - ok
21:55:31.0908 6776 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:55:31.0916 6776 MMCSS - ok
21:55:31.0926 6776 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:55:31.0927 6776 Modem - ok
21:55:31.0943 6776 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:55:31.0943 6776 monitor - ok
21:55:31.0952 6776 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:55:31.0952 6776 mouclass - ok
21:55:31.0962 6776 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:55:31.0963 6776 mouhid - ok
21:55:31.0975 6776 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:55:31.0977 6776 mountmgr - ok
21:55:31.0986 6776 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:55:31.0988 6776 mpio - ok
21:55:32.0011 6776 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:55:32.0012 6776 mpsdrv - ok
21:55:32.0048 6776 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:55:32.0055 6776 MpsSvc - ok
21:55:32.0078 6776 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:55:32.0080 6776 MRxDAV - ok
21:55:32.0108 6776 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:32.0109 6776 mrxsmb - ok
21:55:32.0124 6776 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:32.0127 6776 mrxsmb10 - ok
21:55:32.0140 6776 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:32.0141 6776 mrxsmb20 - ok
21:55:32.0165 6776 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:55:32.0166 6776 msahci - ok
21:55:32.0187 6776 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:55:32.0194 6776 msdsm - ok
21:55:32.0215 6776 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:55:32.0223 6776 MSDTC - ok
21:55:32.0233 6776 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:55:32.0240 6776 Msfs - ok
21:55:32.0255 6776 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:55:32.0262 6776 mshidkmdf - ok
21:55:32.0279 6776 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:55:32.0279 6776 msisadrv - ok
21:55:32.0303 6776 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:55:32.0305 6776 MSiSCSI - ok
21:55:32.0307 6776 msiserver - ok
21:55:32.0323 6776 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:55:32.0324 6776 MSKSSRV - ok
21:55:32.0326 6776 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:32.0327 6776 MSPCLOCK - ok
21:55:32.0329 6776 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:55:32.0330 6776 MSPQM - ok
21:55:32.0344 6776 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:55:32.0347 6776 MsRPC - ok
21:55:32.0566 6776 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:55:32.0567 6776 mssmbios - ok
21:55:32.0571 6776 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:55:32.0572 6776 MSTEE - ok
21:55:32.0584 6776 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:55:32.0584 6776 MTConfig - ok
21:55:32.0608 6776 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:55:32.0608 6776 Mup - ok
21:55:32.0639 6776 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:55:32.0645 6776 napagent - ok
21:55:32.0702 6776 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:55:32.0705 6776 NativeWifiP - ok
21:55:32.0808 6776 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
21:55:32.0814 6776 NAUpdate - ok
21:55:32.0868 6776 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:55:32.0876 6776 NDIS - ok
21:55:32.0897 6776 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:32.0898 6776 NdisCap - ok
21:55:32.0914 6776 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:32.0915 6776 NdisTapi - ok
21:55:32.0931 6776 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:32.0940 6776 Ndisuio - ok
21:55:33.0018 6776 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:33.0021 6776 NdisWan - ok
21:55:33.0056 6776 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:55:33.0095 6776 NDProxy - ok
21:55:33.0163 6776 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:55:33.0172 6776 NetBIOS - ok
21:55:33.0230 6776 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:55:33.0235 6776 NetBT - ok
21:55:33.0258 6776 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:55:33.0259 6776 Netlogon - ok
21:55:33.0335 6776 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:55:33.0376 6776 Netman - ok
21:55:33.0443 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0486 6776 NetMsmqActivator - ok
21:55:33.0520 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0521 6776 NetPipeActivator - ok
21:55:33.0579 6776 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:55:33.0595 6776 netprofm - ok
21:55:33.0605 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0606 6776 NetTcpActivator - ok
21:55:33.0647 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0648 6776 NetTcpPortSharing - ok
21:55:33.0668 6776 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:55:33.0675 6776 nfrd960 - ok
21:55:33.0807 6776 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:55:33.0834 6776 NlaSvc - ok
21:55:34.0198 6776 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:55:34.0310 6776 NOBU - ok
21:55:34.0343 6776 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:55:34.0345 6776 Npfs - ok
21:55:34.0383 6776 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:55:34.0390 6776 nsi - ok
21:55:34.0420 6776 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:55:34.0420 6776 nsiproxy - ok
21:55:34.0552 6776 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:55:34.0610 6776 Ntfs - ok
21:55:34.0622 6776 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:55:34.0623 6776 Null - ok
21:55:34.0644 6776 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:55:34.0647 6776 nvraid - ok
21:55:34.0704 6776 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:55:34.0706 6776 nvstor - ok
21:55:34.0721 6776 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:55:34.0724 6776 nv_agp - ok
21:55:34.0747 6776 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:55:34.0749 6776 ohci1394 - ok
21:55:34.0825 6776 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:34.0827 6776 ose - ok
21:55:35.0596 6776 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:55:35.0672 6776 osppsvc - ok
21:55:35.0712 6776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:55:35.0720 6776 p2pimsvc - ok
21:55:35.0912 6776 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:55:35.0962 6776 p2psvc - ok
21:55:36.0026 6776 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:55:36.0215 6776 Parport - ok
21:55:36.0282 6776 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:55:36.0286 6776 partmgr - ok
21:55:36.0451 6776 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:55:36.0546 6776 PcaSvc - ok
21:55:36.0598 6776 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:55:36.0605 6776 pci - ok
21:55:36.0662 6776 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:55:36.0663 6776 pciide - ok
21:55:36.0717 6776 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:55:36.0720 6776 pcmcia - ok
21:55:36.0925 6776 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:55:36.0926 6776 pcw - ok
21:55:37.0010 6776 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:55:37.0062 6776 PEAUTH - ok
21:55:37.0256 6776 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:55:37.0258 6776 PerfHost - ok
21:55:37.0285 6776 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:55:37.0310 6776 pla - ok
21:55:37.0346 6776 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:55:37.0350 6776 PlugPlay - ok
21:55:37.0361 6776 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:55:37.0363 6776 PNRPAutoReg - ok
21:55:37.0376 6776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:55:37.0378 6776 PNRPsvc - ok
21:55:37.0407 6776 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:55:37.0412 6776 PolicyAgent - ok
21:55:37.0440 6776 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
21:55:37.0442 6776 Power - ok
21:55:37.0464 6776 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:55:37.0465 6776 PptpMiniport - ok
21:55:37.0480 6776 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:55:37.0481 6776 Processor - ok
21:55:37.0513 6776 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:55:37.0515 6776 ProfSvc - ok
21:55:37.0528 6776 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:55:37.0529 6776 ProtectedStorage - ok
21:55:37.0544 6776 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:55:37.0545 6776 Psched - ok
21:55:37.0580 6776 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:55:37.0581 6776 PxHlpa64 - ok
21:55:37.0615 6776 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:55:37.0648 6776 ql2300 - ok
21:55:37.0664 6776 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:55:37.0675 6776 ql40xx - ok
21:55:37.0693 6776 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:55:37.0696 6776 QWAVE - ok
21:55:37.0707 6776 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:55:37.0707 6776 QWAVEdrv - ok
21:55:37.0718 6776 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:55:37.0719 6776 RasAcd - ok
21:55:37.0752 6776 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:37.0753 6776 RasAgileVpn - ok
21:55:37.0762 6776 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:55:37.0764 6776 RasAuto - ok
21:55:37.0774 6776 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:37.0776 6776 Rasl2tp - ok
21:55:37.0786 6776 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:55:37.0790 6776 RasMan - ok
21:55:37.0802 6776 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:37.0805 6776 RasPppoe - ok
21:55:37.0814 6776 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:55:37.0816 6776 RasSstp - ok
21:55:37.0827 6776 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:55:37.0830 6776 rdbss - ok
21:55:37.0844 6776 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:55:37.0845 6776 rdpbus - ok
21:55:37.0855 6776 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:37.0855 6776 RDPCDD - ok
21:55:37.0871 6776 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:55:37.0871 6776 RDPENCDD - ok
21:55:37.0879 6776 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:55:37.0879 6776 RDPREFMP - ok
21:55:37.0954 6776 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:55:37.0957 6776 RDPWD - ok
21:55:37.0971 6776 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:55:37.0973 6776 rdyboost - ok
21:55:37.0990 6776 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:55:37.0992 6776 RemoteAccess - ok
21:55:38.0010 6776 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:55:38.0014 6776 RemoteRegistry - ok
21:55:38.0421 6776 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:55:38.0452 6776 RoxMediaDB12OEM - ok
21:55:38.0523 6776 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:55:38.0706 6776 RoxWatch12 - ok
21:55:38.0802 6776 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:55:38.0807 6776 RpcEptMapper - ok
21:55:38.0844 6776 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:55:38.0846 6776 RpcLocator - ok
21:55:38.0969 6776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
21:55:38.0972 6776 RpcSs - ok
21:55:39.0056 6776 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:55:39.0057 6776 rspndr - ok
21:55:39.0139 6776 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:55:39.0141 6776 RTL8167 - ok
21:55:39.0151 6776 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:55:39.0152 6776 SamSs - ok
21:55:39.0185 6776 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:55:39.0186 6776 sbp2port - ok
21:55:39.0202 6776 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:55:39.0204 6776 SCardSvr - ok
21:55:39.0215 6776 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:55:39.0216 6776 scfilter - ok
21:55:39.0267 6776 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:55:39.0284 6776 Schedule - ok
21:55:39.0310 6776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:55:39.0311 6776 SCPolicySvc - ok
21:55:39.0321 6776 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:55:39.0324 6776 SDRSVC - ok
21:55:39.0344 6776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:55:39.0345 6776 secdrv - ok
21:55:39.0356 6776 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:55:39.0358 6776 seclogon - ok
21:55:39.0379 6776 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:55:39.0381 6776 SENS - ok
21:55:39.0400 6776 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:55:39.0402 6776 SensrSvc - ok
21:55:39.0413 6776 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:55:39.0414 6776 Serenum - ok
21:55:39.0523 6776 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:55:39.0564 6776 Serial - ok
21:55:39.0618 6776 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:55:39.0624 6776 sermouse - ok
21:55:39.0657 6776 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:55:39.0796 6776 SessionEnv - ok
21:55:39.0820 6776 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:55:39.0821 6776 sffdisk - ok
21:55:39.0873 6776 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:55:39.0874 6776 sffp_mmc - ok
21:55:39.0888 6776 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:55:39.0890 6776 sffp_sd - ok
21:55:39.0905 6776 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:55:39.0906 6776 sfloppy - ok
21:55:39.0954 6776 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:55:39.0957 6776 Sftfs - ok
21:55:40.0051 6776 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:55:40.0056 6776 sftlist - ok
21:55:40.0222 6776 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:55:40.0223 6776 Sftplay - ok
21:55:40.0272 6776 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:55:40.0272 6776 Sftredir - ok
21:55:40.0977 6776 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:55:41.0016 6776 SftService - ok
21:55:41.0081 6776 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:55:41.0081 6776 Sftvol - ok
21:55:41.0138 6776 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:55:41.0140 6776 sftvsa - ok
21:55:41.0286 6776 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:55:41.0290 6776 SharedAccess - ok
21:55:41.0321 6776 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:55:41.0325 6776 ShellHWDetection - ok
21:55:41.0384 6776 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:55:41.0405 6776 SiSRaid2 - ok
21:55:41.0430 6776 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:55:41.0441 6776 SiSRaid4 - ok
21:55:41.0511 6776 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:55:41.0516 6776 SkypeUpdate - ok
21:55:41.0587 6776 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:55:41.0632 6776 Smb - ok
21:55:41.0703 6776 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:55:41.0724 6776 SNMPTRAP - ok
21:55:41.0785 6776 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:55:41.0785 6776 spldr - ok
21:55:42.0007 6776 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:55:42.0039 6776 Spooler - ok
21:55:42.0629 6776 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:55:42.0645 6776 sppsvc - ok
21:55:42.0666 6776 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:55:42.0669 6776 sppuinotify - ok
21:55:42.0739 6776 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:55:42.0743 6776 srv - ok
21:55:42.0830 6776 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:55:42.0885 6776 srv2 - ok
21:55:42.0949 6776 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:55:42.0951 6776 srvnet - ok
21:55:42.0995 6776 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:55:42.0999 6776 SSDPSRV - ok
21:55:43.0056 6776 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:55:43.0059 6776 SstpSvc - ok
21:55:43.0207 6776 Steam Client Service - ok
21:55:43.0263 6776 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:55:43.0265 6776 stexstor - ok
21:55:43.0366 6776 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:55:43.0373 6776 stisvc - ok
21:55:43.0496 6776 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:55:43.0515 6776 stllssvr - ok
21:55:43.0554 6776 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:55:43.0554 6776 swenum - ok
21:55:43.0725 6776 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:55:43.0758 6776 swprv - ok
21:55:43.0796 6776 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:55:43.0822 6776 SysMain - ok
21:55:43.0833 6776 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:55:43.0836 6776 TabletInputService - ok
21:55:43.0848 6776 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:55:43.0853 6776 TapiSrv - ok
21:55:43.0862 6776 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:55:43.0865 6776 TBS - ok
21:55:44.0343 6776 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:55:44.0374 6776 Tcpip - ok
21:55:44.0856 6776 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:55:44.0863 6776 TCPIP6 - ok
21:55:45.0011 6776 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:55:45.0013 6776 tcpipreg - ok
21:55:45.0086 6776 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:55:45.0087 6776 TDPIPE - ok
21:55:45.0161 6776 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:55:45.0175 6776 TDTCP - ok
21:55:45.0193 6776 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:55:45.0195 6776 tdx - ok
21:55:45.0202 6776 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:55:45.0203 6776 TermDD - ok
21:55:45.0225 6776 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:55:45.0231 6776 TermService - ok
21:55:45.0244 6776 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:55:45.0246 6776 Themes - ok
21:55:45.0260 6776 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:55:45.0261 6776 THREADORDER - ok
21:55:45.0267 6776 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:55:45.0269 6776 TrkWks - ok
21:55:45.0309 6776 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:55:45.0311 6776 TrustedInstaller - ok
21:55:45.0322 6776 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:45.0323 6776 tssecsrv - ok
21:55:45.0350 6776 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:55:45.0351 6776 TsUsbFlt - ok
21:55:45.0360 6776 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:55:45.0361 6776 TsUsbGD - ok
21:55:45.0387 6776 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:55:45.0389 6776 tunnel - ok
21:55:45.0405 6776 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:55:45.0407 6776 uagp35 - ok
21:55:45.0429 6776 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:55:45.0432 6776 udfs - ok
21:55:45.0442 6776 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:55:45.0443 6776 UI0Detect - ok
21:55:45.0453 6776 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:55:45.0455 6776 uliagpkx - ok
21:55:45.0472 6776 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:55:45.0473 6776 umbus - ok
21:55:45.0482 6776 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:55:45.0483 6776 UmPass - ok
21:55:45.0498 6776 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:55:45.0503 6776 upnphost - ok
21:55:45.0554 6776 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:55:45.0555 6776 usbaudio - ok
21:55:45.0567 6776 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:45.0569 6776 usbccgp - ok
21:55:45.0590 6776 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:55:45.0592 6776 usbcir - ok
21:55:45.0607 6776 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:55:45.0608 6776 usbehci - ok
21:55:45.0653 6776 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:55:45.0656 6776 usbhub - ok
21:55:45.0669 6776 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:55:45.0670 6776 usbohci - ok
21:55:45.0678 6776 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:55:45.0679 6776 usbprint - ok
21:55:45.0691 6776 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:45.0692 6776 USBSTOR - ok
21:55:45.0717 6776 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:55:45.0718 6776 usbuhci - ok
21:55:45.0753 6776 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:55:45.0756 6776 usbvideo - ok
21:55:45.0774 6776 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:55:45.0776 6776 UxSms - ok
21:55:45.0786 6776 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:55:45.0787 6776 VaultSvc - ok
21:55:45.0789 6776 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:55:45.0789 6776 vdrvroot - ok
21:55:45.0817 6776 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:55:45.0822 6776 vds - ok
21:55:45.0831 6776 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:45.0833 6776 vga - ok
21:55:45.0844 6776 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:55:45.0845 6776 VgaSave - ok
21:55:45.0860 6776 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:55:45.0862 6776 vhdmp - ok
21:55:45.0871 6776 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:55:45.0873 6776 viaide - ok
21:55:45.0882 6776 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:55:45.0883 6776 volmgr - ok
21:55:45.0897 6776 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:55:45.0900 6776 volmgrx - ok
21:55:45.0911 6776 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:55:45.0913 6776 volsnap - ok
21:55:45.0938 6776 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:55:45.0940 6776 vsmraid - ok
21:55:45.0972 6776 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:55:45.0998 6776 VSS - ok
21:55:46.0013 6776 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:55:46.0014 6776 vwifibus - ok
21:55:46.0033 6776 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:55:46.0038 6776 W32Time - ok
21:55:46.0049 6776 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:55:46.0050 6776 WacomPen - ok
21:55:46.0063 6776 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:55:46.0064 6776 WANARP - ok
21:55:46.0067 6776 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:55:46.0067 6776 Wanarpv6 - ok
21:55:46.0108 6776 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:55:46.0125 6776 WatAdminSvc - ok
21:55:46.0156 6776 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:55:46.0181 6776 wbengine - ok
21:55:46.0189 6776 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:55:46.0192 6776 WbioSrvc - ok
21:55:46.0203 6776 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:55:46.0207 6776 wcncsvc - ok
21:55:46.0219 6776 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:55:46.0227 6776 WcsPlugInService - ok
21:55:46.0233 6776 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:55:46.0234 6776 Wd - ok
21:55:46.0313 6776 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:55:46.0330 6776 Wdf01000 - ok
21:55:46.0339 6776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:55:46.0341 6776 WdiServiceHost - ok
21:55:46.0343 6776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:55:46.0345 6776 WdiSystemHost - ok
21:55:46.0357 6776 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:55:46.0361 6776 WebClient - ok
21:55:46.0373 6776 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:55:46.0381 6776 Wecsvc - ok
21:55:46.0413 6776 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:55:46.0420 6776 wercplsupport - ok
21:55:46.0430 6776 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:55:46.0432 6776 WerSvc - ok
21:55:46.0444 6776 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:46.0445 6776 WfpLwf - ok
21:55:46.0565 6776 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:55:46.0581 6776 WimFltr - ok
21:55:46.0619 6776 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:55:46.0654 6776 WIMMount - ok
21:55:46.0679 6776 WinDefend - ok
21:55:46.0683 6776 WinHttpAutoProxySvc - ok
21:55:46.0985 6776 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:55:47.0023 6776 Winmgmt - ok
21:55:47.0212 6776 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:55:47.0271 6776 WinRM - ok
21:55:47.0410 6776 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:55:47.0412 6776 WinUsb - ok
21:55:47.0454 6776 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:55:47.0469 6776 Wlansvc - ok
21:55:47.0513 6776 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:55:47.0515 6776 wlcrasvc - ok
21:55:47.0751 6776 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:55:47.0785 6776 wlidsvc - ok
21:55:47.0798 6776 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:55:47.0800 6776 WmiAcpi - ok
21:55:47.0810 6776 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:55:47.0812 6776 wmiApSrv - ok
21:55:47.0836 6776 WMPNetworkSvc - ok
21:55:47.0857 6776 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:55:47.0859 6776 WPCSvc - ok
21:55:47.0875 6776 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:55:47.0878 6776 WPDBusEnum - ok
21:55:47.0891 6776 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:55:47.0893 6776 ws2ifsl - ok
21:55:47.0977 6776 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:55:47.0980 6776 wscsvc - ok
21:55:47.0982 6776 WSearch - ok
21:55:48.0625 6776 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:55:48.0692 6776 wuauserv - ok
21:55:48.0775 6776 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:55:48.0794 6776 WudfPf - ok
21:55:49.0094 6776 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:49.0097 6776 WUDFRd - ok
21:55:49.0145 6776 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:55:49.0176 6776 wudfsvc - ok
21:55:49.0216 6776 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:55:49.0245 6776 WwanSvc - ok
21:55:49.0251 6776 ================ Scan global ===============================
21:55:49.0290 6776 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:55:49.0351 6776 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:55:49.0448 6776 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:55:49.0534 6776 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:55:49.0581 6776 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:55:49.0598 6776 [Global] - ok
21:55:49.0598 6776 ================ Scan MBR ==================================
21:55:49.0604 6776 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:55:49.0604 6776 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:55:49.0782 6776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:55:49.0782 6776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:55:49.0782 6776 ================ Scan VBR ==================================
21:55:49.0793 6776 [ CA03A91B6CFBDE7DB1EB2F4B97FF444F ] \Device\Harddisk0\DR0\Partition1
21:55:49.0818 6776 \Device\Harddisk0\DR0\Partition1 - ok
21:55:49.0843 6776 [ 2BB052776FE950E7876DCDC7CBF5731E ] \Device\Harddisk0\DR0\Partition2
21:55:49.0846 6776 \Device\Harddisk0\DR0\Partition2 - ok
21:55:49.0846 6776 ============================================================
21:55:49.0846 6776 Scan finished
21:55:49.0846 6776 ============================================================
21:55:49.0851 3268 Detected object count: 1
21:55:49.0851 3268 Actual detected object count: 1
21:56:05.0127 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
21:56:05.0127 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

Seems to be running fine, but I haven't used it much lately.
When I rshut down after the last session using combofix, there were a number of updates that were installing, then the next time I booted up I got a window saying the computer was applying update operations. Apparently MS Windows Malicious SW Removal tool? and it detected "Trojan: DOS/Alureon.A"

There is also an annoying "funmoods toolbar" add-on that keeps wanting me to enable it.

Anyway, thanks for all your help here.
The contents of the TDSSKiller log:

1:54:28.0454 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:54:28.0804 3968 ============================================================
21:54:28.0804 3968 Current date / time: 2012/12/04 21:54:28.0804
21:54:28.0804 3968 SystemInfo:
21:54:28.0804 3968
21:54:28.0804 3968 OS Version: 6.1.7601 ServicePack: 1.0
21:54:28.0804 3968 Product type: Workstation
21:54:28.0804 3968 ComputerName: DELL-PC
21:54:28.0804 3968 UserName: Mom
21:54:28.0804 3968 Windows directory: C:\Windows
21:54:28.0804 3968 System windows directory: C:\Windows
21:54:28.0804 3968 Running under WOW64
21:54:28.0804 3968 Processor architecture: Intel x64
21:54:28.0804 3968 Number of processors: 4
21:54:28.0804 3968 Page size: 0x1000
21:54:28.0804 3968 Boot type: Normal boot
21:54:28.0804 3968 ============================================================
21:54:35.0569 3968 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:54:35.0585 3968 ============================================================
21:54:35.0585 3968 \Device\Harddisk0\DR0:
21:54:35.0595 3968 MBR partitions:
21:54:35.0595 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
21:54:35.0595 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x72952000
21:54:35.0595 3968 ============================================================
21:54:35.0983 3968 C: <-> \Device\Harddisk0\DR0\Partition2
21:54:35.0983 3968 ============================================================
21:54:35.0983 3968 Initialize success
21:54:35.0983 3968 ============================================================
21:54:57.0558 6776 ============================================================
21:54:57.0558 6776 Scan started
21:54:57.0558 6776 Mode: Manual;
21:54:57.0558 6776 ============================================================
21:55:12.0114 6776 ================ Scan system memory ========================
21:55:12.0114 6776 System memory - ok
21:55:12.0114 6776 ================ Scan services =============================
21:55:13.0376 6776 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:55:13.0409 6776 1394ohci - ok
21:55:13.0459 6776 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:55:13.0469 6776 ACPI - ok
21:55:13.0546 6776 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:55:13.0548 6776 AcpiPmi - ok
21:55:13.0944 6776 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:55:14.0450 6776 AdobeFlashPlayerUpdateSvc - ok
21:55:15.0656 6776 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:55:15.0671 6776 adp94xx - ok
21:55:15.0694 6776 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:55:15.0698 6776 adpahci - ok
21:55:15.0711 6776 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:55:15.0713 6776 adpu320 - ok
21:55:15.0743 6776 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:55:15.0745 6776 AeLookupSvc - ok
21:55:15.0801 6776 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:55:15.0805 6776 AFD - ok
21:55:15.0841 6776 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:55:15.0843 6776 agp440 - ok
21:55:15.0914 6776 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:55:15.0947 6776 ALG - ok
21:55:15.0980 6776 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:55:15.0981 6776 aliide - ok
21:55:15.0993 6776 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:55:15.0995 6776 amdide - ok
21:55:16.0002 6776 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:55:16.0078 6776 AmdK8 - ok
21:55:16.0101 6776 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:55:16.0103 6776 AmdPPM - ok
21:55:16.0523 6776 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:55:16.0773 6776 amdsata - ok
21:55:16.0866 6776 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:55:16.0882 6776 amdsbs - ok
21:55:16.0899 6776 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:55:16.0900 6776 amdxata - ok
21:55:16.0955 6776 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:55:16.0967 6776 AppID - ok
21:55:16.0984 6776 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:55:16.0989 6776 AppIDSvc - ok
21:55:17.0038 6776 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:55:17.0040 6776 Appinfo - ok
21:55:17.0179 6776 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:55:17.0189 6776 arc - ok
21:55:17.0225 6776 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:55:17.0227 6776 arcsas - ok
21:55:17.0426 6776 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:55:17.0449 6776 aspnet_state - ok
21:55:17.0472 6776 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:17.0489 6776 AsyncMac - ok
21:55:17.0585 6776 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:55:17.0586 6776 atapi - ok
21:55:17.0639 6776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:55:17.0645 6776 AudioEndpointBuilder - ok
21:55:17.0708 6776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:55:17.0711 6776 AudioSrv - ok
21:55:17.0749 6776 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:55:17.0777 6776 AxInstSV - ok
21:55:17.0851 6776 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:55:17.0893 6776 b06bdrv - ok
21:55:17.0951 6776 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:17.0954 6776 b57nd60a - ok
21:55:18.0067 6776 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:55:18.0068 6776 BDESVC - ok
21:55:18.0080 6776 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:55:18.0081 6776 Beep - ok
21:55:18.0172 6776 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:55:18.0193 6776 BFE - ok
21:55:18.0434 6776 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:55:18.0458 6776 BITS - ok
21:55:18.0526 6776 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:18.0527 6776 blbdrive - ok
21:55:18.0687 6776 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:55:18.0737 6776 Bonjour Service - ok
21:55:18.0840 6776 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:55:18.0876 6776 bowser - ok
21:55:18.0889 6776 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:55:18.0891 6776 BrFiltLo - ok
21:55:18.0898 6776 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:55:18.0899 6776 BrFiltUp - ok
21:55:18.0908 6776 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:55:18.0911 6776 BridgeMP - ok
21:55:18.0948 6776 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:55:18.0949 6776 Browser - ok
21:55:18.0963 6776 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:55:18.0966 6776 Brserid - ok
21:55:18.0978 6776 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:18.0980 6776 BrSerWdm - ok
21:55:18.0982 6776 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:18.0982 6776 BrUsbMdm - ok
21:55:18.0995 6776 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:18.0997 6776 BrUsbSer - ok
21:55:19.0014 6776 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:55:19.0015 6776 BTHMODEM - ok
21:55:19.0046 6776 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:55:19.0047 6776 bthserv - ok
21:55:19.0059 6776 catchme - ok
21:55:19.0072 6776 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:55:19.0073 6776 cdfs - ok
21:55:19.0084 6776 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:55:19.0085 6776 cdrom - ok
21:55:19.0107 6776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:55:19.0108 6776 CertPropSvc - ok
21:55:19.0121 6776 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:55:19.0122 6776 circlass - ok
21:55:19.0137 6776 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:55:19.0140 6776 CLFS - ok
21:55:19.0177 6776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:19.0178 6776 clr_optimization_v2.0.50727_32 - ok
21:55:19.0193 6776 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:55:19.0195 6776 clr_optimization_v2.0.50727_64 - ok
21:55:19.0227 6776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:55:19.0228 6776 clr_optimization_v4.0.30319_32 - ok
21:55:19.0245 6776 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:55:19.0299 6776 clr_optimization_v4.0.30319_64 - ok
21:55:19.0302 6776 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:55:19.0303 6776 CmBatt - ok
21:55:19.0323 6776 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:55:19.0324 6776 cmdide - ok
21:55:19.0444 6776 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:55:19.0449 6776 CNG - ok
21:55:19.0664 6776 [ 5C855932E4DF00B1B6F5F6F57E82B6C5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:55:19.0670 6776 CnxtHdAudService - ok
21:55:19.0722 6776 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:55:19.0723 6776 Compbatt - ok
21:55:19.0746 6776 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:55:19.0747 6776 CompositeBus - ok
21:55:19.0753 6776 COMSysApp - ok
21:55:19.0762 6776 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:55:19.0763 6776 crcdisk - ok
21:55:19.0852 6776 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:55:19.0853 6776 CryptSvc - ok
21:55:20.0066 6776 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:55:20.0073 6776 cvhsvc - ok
21:55:20.0361 6776 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:55:20.0554 6776 dc3d - ok
21:55:20.0846 6776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:55:20.0886 6776 DcomLaunch - ok
21:55:20.0966 6776 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:55:20.0978 6776 defragsvc - ok
21:55:20.0996 6776 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:55:21.0056 6776 DfsC - ok
21:55:21.0092 6776 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:55:21.0096 6776 Dhcp - ok
21:55:21.0148 6776 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:55:21.0148 6776 discache - ok
21:55:21.0214 6776 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:55:21.0215 6776 Disk - ok
21:55:21.0337 6776 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:55:21.0396 6776 Dnscache - ok
21:55:21.0425 6776 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:55:21.0469 6776 dot3svc - ok
21:55:21.0521 6776 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:55:21.0524 6776 DPS - ok
21:55:21.0619 6776 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:55:21.0620 6776 drmkaud - ok
21:55:21.0854 6776 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:55:21.0858 6776 DXGKrnl - ok
21:55:21.0899 6776 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:55:21.0901 6776 EapHost - ok
21:55:22.0948 6776 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:55:23.0140 6776 ebdrv - ok
21:55:23.0268 6776 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:55:23.0270 6776 EFS - ok
21:55:23.0323 6776 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:55:23.0334 6776 ehRecvr - ok
21:55:23.0367 6776 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:55:23.0377 6776 ehSched - ok
21:55:23.0426 6776 [ D38A883309E04B9FBFFE1ACA60EA3BBF ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
21:55:23.0426 6776 ElRawDisk - ok
21:55:23.0458 6776 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:55:23.0467 6776 elxstor - ok
21:55:23.0486 6776 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:55:23.0487 6776 ErrDev - ok
21:55:23.0669 6776 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:55:23.0728 6776 EventSystem - ok
21:55:23.0756 6776 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:55:23.0758 6776 exfat - ok
21:55:23.0781 6776 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:55:23.0789 6776 fastfat - ok
21:55:23.0837 6776 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:55:24.0185 6776 Fax - ok
21:55:24.0204 6776 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:55:24.0218 6776 fdc - ok
21:55:24.0260 6776 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:55:24.0268 6776 fdPHost - ok
21:55:24.0291 6776 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:55:24.0292 6776 FDResPub - ok
21:55:24.0309 6776 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:55:24.0311 6776 FileInfo - ok
21:55:24.0322 6776 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:55:24.0323 6776 Filetrace - ok
21:55:24.0350 6776 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:55:24.0351 6776 flpydisk - ok
21:55:24.0369 6776 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:55:24.0372 6776 FltMgr - ok
21:55:24.0762 6776 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:55:24.0928 6776 FontCache - ok
21:55:25.0114 6776 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:55:25.0114 6776 FontCache3.0.0.0 - ok
21:55:25.0155 6776 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:55:25.0157 6776 FsDepends - ok
21:55:25.0208 6776 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:55:25.0208 6776 Fs_Rec - ok
21:55:25.0251 6776 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:55:25.0255 6776 fvevol - ok
21:55:25.0271 6776 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:55:25.0273 6776 gagp30kx - ok
21:55:25.0643 6776 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:55:25.0754 6776 GamesAppService - ok
21:55:25.0833 6776 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:55:25.0841 6776 gpsvc - ok
21:55:26.0189 6776 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:55:26.0193 6776 gupdate - ok
21:55:26.0508 6776 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:55:26.0509 6776 gupdatem - ok
21:55:26.0747 6776 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:55:26.0756 6776 gusvc - ok
21:55:26.0814 6776 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:55:26.0816 6776 hcw85cir - ok
21:55:26.0865 6776 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:55:26.0902 6776 HDAudBus - ok
21:55:26.0923 6776 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:55:26.0939 6776 HidBatt - ok
21:55:26.0964 6776 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:55:26.0986 6776 HidBth - ok
21:55:27.0023 6776 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:55:27.0030 6776 HidIr - ok
21:55:27.0112 6776 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:55:27.0114 6776 hidserv - ok
21:55:27.0136 6776 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:55:27.0137 6776 HidUsb - ok
21:55:27.0188 6776 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:55:27.0204 6776 hkmsvc - ok
21:55:27.0309 6776 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:55:27.0326 6776 HomeGroupListener - ok
21:55:27.0394 6776 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:55:27.0414 6776 HomeGroupProvider - ok
21:55:27.0435 6776 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:55:27.0437 6776 HpSAMD - ok
21:55:27.0462 6776 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:55:27.0469 6776 HTTP - ok
21:55:27.0474 6776 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:55:27.0474 6776 hwpolicy - ok
21:55:27.0492 6776 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:55:27.0494 6776 i8042prt - ok
21:55:27.0514 6776 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:55:27.0519 6776 iaStorV - ok
21:55:27.0629 6776 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:55:27.0631 6776 IDriverT - ok
21:55:27.0658 6776 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:55:27.0666 6776 idsvc - ok
21:55:28.0075 6776 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:55:28.0248 6776 igfx - ok
21:55:28.0287 6776 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:55:28.0290 6776 iirsp - ok
21:55:28.0480 6776 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:55:28.0554 6776 IKEEXT - ok
21:55:28.0720 6776 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:55:28.0731 6776 IntcDAud - ok
21:55:28.0795 6776 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:55:28.0796 6776 intelide - ok
21:55:28.0834 6776 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:55:28.0835 6776 intelppm - ok
21:55:29.0059 6776 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:55:29.0059 6776 IntuitUpdateServiceV4 - ok
21:55:29.0139 6776 [ 8C2D445F874CB05773B813ED853607CF ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
21:55:29.0142 6776 ioloSystemService - ok
21:55:29.0155 6776 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:55:29.0158 6776 IPBusEnum - ok
21:55:29.0166 6776 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:29.0169 6776 IpFilterDriver - ok
21:55:29.0237 6776 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:55:29.0243 6776 iphlpsvc - ok
21:55:29.0260 6776 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:55:29.0262 6776 IPMIDRV - ok
21:55:29.0278 6776 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:55:29.0281 6776 IPNAT - ok
21:55:29.0298 6776 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:55:29.0300 6776 IRENUM - ok
21:55:29.0312 6776 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:55:29.0314 6776 isapnp - ok
21:55:29.0327 6776 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:55:29.0330 6776 iScsiPrt - ok
21:55:29.0349 6776 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:55:29.0349 6776 kbdclass - ok
21:55:29.0367 6776 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:55:29.0368 6776 kbdhid - ok
21:55:29.0379 6776 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:55:29.0380 6776 KeyIso - ok
21:55:29.0421 6776 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:55:29.0431 6776 KSecDD - ok
21:55:29.0463 6776 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:55:29.0465 6776 KSecPkg - ok
21:55:29.0495 6776 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:55:29.0496 6776 ksthunk - ok
21:55:29.0515 6776 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:55:29.0521 6776 KtmRm - ok
21:55:29.0560 6776 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:55:29.0564 6776 LanmanServer - ok
21:55:30.0580 6776 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:55:30.0589 6776 LanmanWorkstation - ok
21:55:30.0938 6776 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:55:30.0946 6776 lltdio - ok
21:55:31.0289 6776 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:55:31.0344 6776 lltdsvc - ok
21:55:31.0390 6776 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:55:31.0391 6776 lmhosts - ok
21:55:31.0440 6776 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:55:31.0512 6776 LSI_FC - ok
21:55:31.0585 6776 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:55:31.0596 6776 LSI_SAS - ok
21:55:31.0606 6776 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:55:31.0607 6776 LSI_SAS2 - ok
21:55:31.0621 6776 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:55:31.0623 6776 LSI_SCSI - ok
21:55:31.0634 6776 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:55:31.0636 6776 luafv - ok
21:55:31.0653 6776 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:55:31.0655 6776 Mcx2Svc - ok
21:55:31.0668 6776 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:55:31.0669 6776 megasas - ok
21:55:31.0685 6776 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:55:31.0687 6776 MegaSR - ok
21:55:31.0721 6776 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:55:31.0722 6776 MEIx64 - ok
21:55:31.0873 6776 Microsoft SharePoint Workspace Audit Service - ok
21:55:31.0908 6776 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:55:31.0916 6776 MMCSS - ok
21:55:31.0926 6776 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:55:31.0927 6776 Modem - ok
21:55:31.0943 6776 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:55:31.0943 6776 monitor - ok
21:55:31.0952 6776 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:55:31.0952 6776 mouclass - ok
21:55:31.0962 6776 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:55:31.0963 6776 mouhid - ok
21:55:31.0975 6776 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:55:31.0977 6776 mountmgr - ok
21:55:31.0986 6776 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:55:31.0988 6776 mpio - ok
21:55:32.0011 6776 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:55:32.0012 6776 mpsdrv - ok
21:55:32.0048 6776 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:55:32.0055 6776 MpsSvc - ok
21:55:32.0078 6776 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:55:32.0080 6776 MRxDAV - ok
21:55:32.0108 6776 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:32.0109 6776 mrxsmb - ok
21:55:32.0124 6776 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:32.0127 6776 mrxsmb10 - ok
21:55:32.0140 6776 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:32.0141 6776 mrxsmb20 - ok
21:55:32.0165 6776 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:55:32.0166 6776 msahci - ok
21:55:32.0187 6776 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:55:32.0194 6776 msdsm - ok
21:55:32.0215 6776 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:55:32.0223 6776 MSDTC - ok
21:55:32.0233 6776 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:55:32.0240 6776 Msfs - ok
21:55:32.0255 6776 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:55:32.0262 6776 mshidkmdf - ok
21:55:32.0279 6776 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:55:32.0279 6776 msisadrv - ok
21:55:32.0303 6776 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:55:32.0305 6776 MSiSCSI - ok
21:55:32.0307 6776 msiserver - ok
21:55:32.0323 6776 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:55:32.0324 6776 MSKSSRV - ok
21:55:32.0326 6776 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:32.0327 6776 MSPCLOCK - ok
21:55:32.0329 6776 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:55:32.0330 6776 MSPQM - ok
21:55:32.0344 6776 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:55:32.0347 6776 MsRPC - ok
21:55:32.0566 6776 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:55:32.0567 6776 mssmbios - ok
21:55:32.0571 6776 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:55:32.0572 6776 MSTEE - ok
21:55:32.0584 6776 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:55:32.0584 6776 MTConfig - ok
21:55:32.0608 6776 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:55:32.0608 6776 Mup - ok
21:55:32.0639 6776 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:55:32.0645 6776 napagent - ok
21:55:32.0702 6776 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:55:32.0705 6776 NativeWifiP - ok
21:55:32.0808 6776 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
21:55:32.0814 6776 NAUpdate - ok
21:55:32.0868 6776 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:55:32.0876 6776 NDIS - ok
21:55:32.0897 6776 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:32.0898 6776 NdisCap - ok
21:55:32.0914 6776 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:32.0915 6776 NdisTapi - ok
21:55:32.0931 6776 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:32.0940 6776 Ndisuio - ok
21:55:33.0018 6776 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:33.0021 6776 NdisWan - ok
21:55:33.0056 6776 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:55:33.0095 6776 NDProxy - ok
21:55:33.0163 6776 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:55:33.0172 6776 NetBIOS - ok
21:55:33.0230 6776 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:55:33.0235 6776 NetBT - ok
21:55:33.0258 6776 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:55:33.0259 6776 Netlogon - ok
21:55:33.0335 6776 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:55:33.0376 6776 Netman - ok
21:55:33.0443 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0486 6776 NetMsmqActivator - ok
21:55:33.0520 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0521 6776 NetPipeActivator - ok
21:55:33.0579 6776 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:55:33.0595 6776 netprofm - ok
21:55:33.0605 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0606 6776 NetTcpActivator - ok
21:55:33.0647 6776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:33.0648 6776 NetTcpPortSharing - ok
21:55:33.0668 6776 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:55:33.0675 6776 nfrd960 - ok
21:55:33.0807 6776 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:55:33.0834 6776 NlaSvc - ok
21:55:34.0198 6776 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:55:34.0310 6776 NOBU - ok
21:55:34.0343 6776 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:55:34.0345 6776 Npfs - ok
21:55:34.0383 6776 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:55:34.0390 6776 nsi - ok
21:55:34.0420 6776 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:55:34.0420 6776 nsiproxy - ok
21:55:34.0552 6776 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:55:34.0610 6776 Ntfs - ok
21:55:34.0622 6776 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:55:34.0623 6776 Null - ok
21:55:34.0644 6776 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:55:34.0647 6776 nvraid - ok
21:55:34.0704 6776 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:55:34.0706 6776 nvstor - ok
21:55:34.0721 6776 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:55:34.0724 6776 nv_agp - ok
21:55:34.0747 6776 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:55:34.0749 6776 ohci1394 - ok
21:55:34.0825 6776 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:34.0827 6776 ose - ok
21:55:35.0596 6776 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:55:35.0672 6776 osppsvc - ok
21:55:35.0712 6776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:55:35.0720 6776 p2pimsvc - ok
21:55:35.0912 6776 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:55:35.0962 6776 p2psvc - ok
21:55:36.0026 6776 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:55:36.0215 6776 Parport - ok
21:55:36.0282 6776 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:55:36.0286 6776 partmgr - ok
21:55:36.0451 6776 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:55:36.0546 6776 PcaSvc - ok
21:55:36.0598 6776 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:55:36.0605 6776 pci - ok
21:55:36.0662 6776 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:55:36.0663 6776 pciide - ok
21:55:36.0717 6776 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:55:36.0720 6776 pcmcia - ok
21:55:36.0925 6776 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:55:36.0926 6776 pcw - ok
21:55:37.0010 6776 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:55:37.0062 6776 PEAUTH - ok
21:55:37.0256 6776 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:55:37.0258 6776 PerfHost - ok
21:55:37.0285 6776 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:55:37.0310 6776 pla - ok
21:55:37.0346 6776 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:55:37.0350 6776 PlugPlay - ok
21:55:37.0361 6776 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:55:37.0363 6776 PNRPAutoReg - ok
21:55:37.0376 6776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:55:37.0378 6776 PNRPsvc - ok
21:55:37.0407 6776 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:55:37.0412 6776 PolicyAgent - ok
21:55:37.0440 6776 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
21:55:37.0442 6776 Power - ok
21:55:37.0464 6776 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:55:37.0465 6776 PptpMiniport - ok
21:55:37.0480 6776 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:55:37.0481 6776 Processor - ok
21:55:37.0513 6776 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:55:37.0515 6776 ProfSvc - ok
21:55:37.0528 6776 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:55:37.0529 6776 ProtectedStorage - ok
21:55:37.0544 6776 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:55:37.0545 6776 Psched - ok
21:55:37.0580 6776 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:55:37.0581 6776 PxHlpa64 - ok
21:55:37.0615 6776 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:55:37.0648 6776 ql2300 - ok
21:55:37.0664 6776 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:55:37.0675 6776 ql40xx - ok
21:55:37.0693 6776 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:55:37.0696 6776 QWAVE - ok
21:55:37.0707 6776 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:55:37.0707 6776 QWAVEdrv - ok
21:55:37.0718 6776 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:55:37.0719 6776 RasAcd - ok
21:55:37.0752 6776 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:37.0753 6776 RasAgileVpn - ok
21:55:37.0762 6776 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:55:37.0764 6776 RasAuto - ok
21:55:37.0774 6776 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:37.0776 6776 Rasl2tp - ok
21:55:37.0786 6776 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:55:37.0790 6776 RasMan - ok
21:55:37.0802 6776 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:37.0805 6776 RasPppoe - ok
21:55:37.0814 6776 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:55:37.0816 6776 RasSstp - ok
21:55:37.0827 6776 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:55:37.0830 6776 rdbss - ok
21:55:37.0844 6776 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:55:37.0845 6776 rdpbus - ok
21:55:37.0855 6776 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:37.0855 6776 RDPCDD - ok
21:55:37.0871 6776 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:55:37.0871 6776 RDPENCDD - ok
21:55:37.0879 6776 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:55:37.0879 6776 RDPREFMP - ok
21:55:37.0954 6776 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:55:37.0957 6776 RDPWD - ok
21:55:37.0971 6776 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:55:37.0973 6776 rdyboost - ok
21:55:37.0990 6776 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:55:37.0992 6776 RemoteAccess - ok
21:55:38.0010 6776 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:55:38.0014 6776 RemoteRegistry - ok
21:55:38.0421 6776 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:55:38.0452 6776 RoxMediaDB12OEM - ok
21:55:38.0523 6776 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:55:38.0706 6776 RoxWatch12 - ok
21:55:38.0802 6776 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:55:38.0807 6776 RpcEptMapper - ok
21:55:38.0844 6776 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:55:38.0846 6776 RpcLocator - ok
21:55:38.0969 6776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
21:55:38.0972 6776 RpcSs - ok
21:55:39.0056 6776 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:55:39.0057 6776 rspndr - ok
21:55:39.0139 6776 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:55:39.0141 6776 RTL8167 - ok
21:55:39.0151 6776 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:55:39.0152 6776 SamSs - ok
21:55:39.0185 6776 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:55:39.0186 6776 sbp2port - ok
21:55:39.0202 6776 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:55:39.0204 6776 SCardSvr - ok
21:55:39.0215 6776 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:55:39.0216 6776 scfilter - ok
21:55:39.0267 6776 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:55:39.0284 6776 Schedule - ok
21:55:39.0310 6776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:55:39.0311 6776 SCPolicySvc - ok
21:55:39.0321 6776 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:55:39.0324 6776 SDRSVC - ok
21:55:39.0344 6776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:55:39.0345 6776 secdrv - ok
21:55:39.0356 6776 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:55:39.0358 6776 seclogon - ok
21:55:39.0379 6776 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:55:39.0381 6776 SENS - ok
21:55:39.0400 6776 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:55:39.0402 6776 SensrSvc - ok
21:55:39.0413 6776 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:55:39.0414 6776 Serenum - ok
21:55:39.0523 6776 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:55:39.0564 6776 Serial - ok
21:55:39.0618 6776 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:55:39.0624 6776 sermouse - ok
21:55:39.0657 6776 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:55:39.0796 6776 SessionEnv - ok
21:55:39.0820 6776 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:55:39.0821 6776 sffdisk - ok
21:55:39.0873 6776 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:55:39.0874 6776 sffp_mmc - ok
21:55:39.0888 6776 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:55:39.0890 6776 sffp_sd - ok
21:55:39.0905 6776 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:55:39.0906 6776 sfloppy - ok
21:55:39.0954 6776 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:55:39.0957 6776 Sftfs - ok
21:55:40.0051 6776 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:55:40.0056 6776 sftlist - ok
21:55:40.0222 6776 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:55:40.0223 6776 Sftplay - ok
21:55:40.0272 6776 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:55:40.0272 6776 Sftredir - ok
21:55:40.0977 6776 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:55:41.0016 6776 SftService - ok
21:55:41.0081 6776 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:55:41.0081 6776 Sftvol - ok
21:55:41.0138 6776 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:55:41.0140 6776 sftvsa - ok
21:55:41.0286 6776 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:55:41.0290 6776 SharedAccess - ok
21:55:41.0321 6776 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:55:41.0325 6776 ShellHWDetection - ok
21:55:41.0384 6776 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:55:41.0405 6776 SiSRaid2 - ok
21:55:41.0430 6776 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:55:41.0441 6776 SiSRaid4 - ok
21:55:41.0511 6776 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:55:41.0516 6776 SkypeUpdate - ok
21:55:41.0587 6776 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:55:41.0632 6776 Smb - ok
21:55:41.0703 6776 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:55:41.0724 6776 SNMPTRAP - ok
21:55:41.0785 6776 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:55:41.0785 6776 spldr - ok
21:55:42.0007 6776 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:55:42.0039 6776 Spooler - ok
21:55:42.0629 6776 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:55:42.0645 6776 sppsvc - ok
21:55:42.0666 6776 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:55:42.0669 6776 sppuinotify - ok
21:55:42.0739 6776 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:55:42.0743 6776 srv - ok
21:55:42.0830 6776 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:55:42.0885 6776 srv2 - ok
21:55:42.0949 6776 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:55:42.0951 6776 srvnet - ok
21:55:42.0995 6776 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:55:42.0999 6776 SSDPSRV - ok
21:55:43.0056 6776 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:55:43.0059 6776 SstpSvc - ok
21:55:43.0207 6776 Steam Client Service - ok
21:55:43.0263 6776 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:55:43.0265 6776 stexstor - ok
21:55:43.0366 6776 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:55:43.0373 6776 stisvc - ok
21:55:43.0496 6776 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:55:43.0515 6776 stllssvr - ok
21:55:43.0554 6776 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:55:43.0554 6776 swenum - ok
21:55:43.0725 6776 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:55:43.0758 6776 swprv - ok
21:55:43.0796 6776 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:55:43.0822 6776 SysMain - ok
21:55:43.0833 6776 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:55:43.0836 6776 TabletInputService - ok
21:55:43.0848 6776 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:55:43.0853 6776 TapiSrv - ok
21:55:43.0862 6776 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:55:43.0865 6776 TBS - ok
21:55:44.0343 6776 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:55:44.0374 6776 Tcpip - ok
21:55:44.0856 6776 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:55:44.0863 6776 TCPIP6 - ok
21:55:45.0011 6776 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:55:45.0013 6776 tcpipreg - ok
21:55:45.0086 6776 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:55:45.0087 6776 TDPIPE - ok
21:55:45.0161 6776 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:55:45.0175 6776 TDTCP - ok
21:55:45.0193 6776 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:55:45.0195 6776 tdx - ok
21:55:45.0202 6776 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:55:45.0203 6776 TermDD - ok
21:55:45.0225 6776 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:55:45.0231 6776 TermService - ok
21:55:45.0244 6776 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:55:45.0246 6776 Themes - ok
21:55:45.0260 6776 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:55:45.0261 6776 THREADORDER - ok
21:55:45.0267 6776 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:55:45.0269 6776 TrkWks - ok
21:55:45.0309 6776 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:55:45.0311 6776 TrustedInstaller - ok
21:55:45.0322 6776 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:45.0323 6776 tssecsrv - ok
21:55:45.0350 6776 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:55:45.0351 6776 TsUsbFlt - ok
21:55:45.0360 6776 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:55:45.0361 6776 TsUsbGD - ok
21:55:45.0387 6776 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:55:45.0389 6776 tunnel - ok
21:55:45.0405 6776 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:55:45.0407 6776 uagp35 - ok
21:55:45.0429 6776 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:55:45.0432 6776 udfs - ok
21:55:45.0442 6776 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:55:45.0443 6776 UI0Detect - ok
21:55:45.0453 6776 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:55:45.0455 6776 uliagpkx - ok
21:55:45.0472 6776 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:55:45.0473 6776 umbus - ok
21:55:45.0482 6776 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:55:45.0483 6776 UmPass - ok
21:55:45.0498 6776 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:55:45.0503 6776 upnphost - ok
21:55:45.0554 6776 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:55:45.0555 6776 usbaudio - ok
21:55:45.0567 6776 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:45.0569 6776 usbccgp - ok
21:55:45.0590 6776 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:55:45.0592 6776 usbcir - ok
21:55:45.0607 6776 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:55:45.0608 6776 usbehci - ok
21:55:45.0653 6776 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:55:45.0656 6776 usbhub - ok
21:55:45.0669 6776 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:55:45.0670 6776 usbohci - ok
21:55:45.0678 6776 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:55:45.0679 6776 usbprint - ok
21:55:45.0691 6776 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:45.0692 6776 USBSTOR - ok
21:55:45.0717 6776 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:55:45.0718 6776 usbuhci - ok
21:55:45.0753 6776 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:55:45.0756 6776 usbvideo - ok
21:55:45.0774 6776 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:55:45.0776 6776 UxSms - ok
21:55:45.0786 6776 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:55:45.0787 6776 VaultSvc - ok
21:55:45.0789 6776 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:55:45.0789 6776 vdrvroot - ok
21:55:45.0817 6776 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:55:45.0822 6776 vds - ok
21:55:45.0831 6776 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:45.0833 6776 vga - ok
21:55:45.0844 6776 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:55:45.0845 6776 VgaSave - ok
21:55:45.0860 6776 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:55:45.0862 6776 vhdmp - ok
21:55:45.0871 6776 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:55:45.0873 6776 viaide - ok
21:55:45.0882 6776 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:55:45.0883 6776 volmgr - ok
21:55:45.0897 6776 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:55:45.0900 6776 volmgrx - ok
21:55:45.0911 6776 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:55:45.0913 6776 volsnap - ok
21:55:45.0938 6776 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:55:45.0940 6776 vsmraid - ok
21:55:45.0972 6776 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:55:45.0998 6776 VSS - ok
21:55:46.0013 6776 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:55:46.0014 6776 vwifibus - ok
21:55:46.0033 6776 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:55:46.0038 6776 W32Time - ok
21:55:46.0049 6776 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:55:46.0050 6776 WacomPen - ok
21:55:46.0063 6776 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:55:46.0064 6776 WANARP - ok
21:55:46.0067 6776 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:55:46.0067 6776 Wanarpv6 - ok
21:55:46.0108 6776 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:55:46.0125 6776 WatAdminSvc - ok
21:55:46.0156 6776 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:55:46.0181 6776 wbengine - ok
21:55:46.0189 6776 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:55:46.0192 6776 WbioSrvc - ok
21:55:46.0203 6776 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:55:46.0207 6776 wcncsvc - ok
21:55:46.0219 6776 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:55:46.0227 6776 WcsPlugInService - ok
21:55:46.0233 6776 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:55:46.0234 6776 Wd - ok
21:55:46.0313 6776 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:55:46.0330 6776 Wdf01000 - ok
21:55:46.0339 6776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:55:46.0341 6776 WdiServiceHost - ok
21:55:46.0343 6776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:55:46.0345 6776 WdiSystemHost - ok
21:55:46.0357 6776 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:55:46.0361 6776 WebClient - ok
21:55:46.0373 6776 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:55:46.0381 6776 Wecsvc - ok
21:55:46.0413 6776 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:55:46.0420 6776 wercplsupport - ok
21:55:46.0430 6776 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:55:46.0432 6776 WerSvc - ok
21:55:46.0444 6776 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:46.0445 6776 WfpLwf - ok
21:55:46.0565 6776 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:55:46.0581 6776 WimFltr - ok
21:55:46.0619 6776 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:55:46.0654 6776 WIMMount - ok
21:55:46.0679 6776 WinDefend - ok
21:55:46.0683 6776 WinHttpAutoProxySvc - ok
21:55:46.0985 6776 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:55:47.0023 6776 Winmgmt - ok
21:55:47.0212 6776 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:55:47.0271 6776 WinRM - ok
21:55:47.0410 6776 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:55:47.0412 6776 WinUsb - ok
21:55:47.0454 6776 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:55:47.0469 6776 Wlansvc - ok
21:55:47.0513 6776 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:55:47.0515 6776 wlcrasvc - ok
21:55:47.0751 6776 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:55:47.0785 6776 wlidsvc - ok
21:55:47.0798 6776 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:55:47.0800 6776 WmiAcpi - ok
21:55:47.0810 6776 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:55:47.0812 6776 wmiApSrv - ok
21:55:47.0836 6776 WMPNetworkSvc - ok
21:55:47.0857 6776 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:55:47.0859 6776 WPCSvc - ok
21:55:47.0875 6776 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:55:47.0878 6776 WPDBusEnum - ok
21:55:47.0891 6776 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:55:47.0893 6776 ws2ifsl - ok
21:55:47.0977 6776 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:55:47.0980 6776 wscsvc - ok
21:55:47.0982 6776 WSearch - ok
21:55:48.0625 6776 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:55:48.0692 6776 wuauserv - ok
21:55:48.0775 6776 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:55:48.0794 6776 WudfPf - ok
21:55:49.0094 6776 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:49.0097 6776 WUDFRd - ok
21:55:49.0145 6776 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:55:49.0176 6776 wudfsvc - ok
21:55:49.0216 6776 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:55:49.0245 6776 WwanSvc - ok
21:55:49.0251 6776 ================ Scan global ===============================
21:55:49.0290 6776 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:55:49.0351 6776 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:55:49.0448 6776 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:55:49.0534 6776 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:55:49.0581 6776 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:55:49.0598 6776 [Global] - ok
21:55:49.0598 6776 ================ Scan MBR ==================================
21:55:49.0604 6776 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:55:49.0604 6776 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:55:49.0782 6776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:55:49.0782 6776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:55:49.0782 6776 ================ Scan VBR ==================================
21:55:49.0793 6776 [ CA03A91B6CFBDE7DB1EB2F4B97FF444F ] \Device\Harddisk0\DR0\Partition1
21:55:49.0818 6776 \Device\Harddisk0\DR0\Partition1 - ok
21:55:49.0843 6776 [ 2BB052776FE950E7876DCDC7CBF5731E ] \Device\Harddisk0\DR0\Partition2
21:55:49.0846 6776 \Device\Harddisk0\DR0\Partition2 - ok
21:55:49.0846 6776 ============================================================
21:55:49.0846 6776 Scan finished
21:55:49.0846 6776 ============================================================
21:55:49.0851 3268 Detected object count: 1
21:55:49.0851 3268 Actual detected object count: 1
21:56:05.0127 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
21:56:05.0127 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 05 December 2012 - 02:41 AM

Execute TDSSKiller.exe and press Start Scan.
  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  • Click Continue then click Reboot now.
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 ss624

ss624
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 07 December 2012 - 07:35 PM

contents of log file:
18:16:53.0740 5356 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:16:54.0052 5356 ============================================================
18:16:54.0052 5356 Current date / time: 2012/12/07 18:16:54.0052
18:16:54.0052 5356 SystemInfo:
18:16:54.0052 5356
18:16:54.0052 5356 OS Version: 6.1.7601 ServicePack: 1.0
18:16:54.0052 5356 Product type: Workstation
18:16:54.0052 5356 ComputerName: DELL-PC
18:16:54.0052 5356 UserName: Mom
18:16:54.0052 5356 Windows directory: C:\Windows
18:16:54.0052 5356 System windows directory: C:\Windows
18:16:54.0052 5356 Running under WOW64
18:16:54.0052 5356 Processor architecture: Intel x64
18:16:54.0052 5356 Number of processors: 4
18:16:54.0052 5356 Page size: 0x1000
18:16:54.0052 5356 Boot type: Normal boot
18:16:54.0052 5356 ============================================================
18:17:18.0513 5356 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:17:18.0544 5356 ============================================================
18:17:18.0544 5356 \Device\Harddisk0\DR0:
18:17:18.0575 5356 MBR partitions:
18:17:18.0575 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
18:17:18.0575 5356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x72952000
18:17:18.0575 5356 ============================================================
18:17:18.0794 5356 C: <-> \Device\Harddisk0\DR0\Partition2
18:17:18.0794 5356 ============================================================
18:17:18.0794 5356 Initialize success
18:17:18.0794 5356 ============================================================
18:17:25.0798 6140 ============================================================
18:17:25.0798 6140 Scan started
18:17:25.0798 6140 Mode: Manual;
18:17:25.0798 6140 ============================================================
18:17:42.0568 6140 ================ Scan system memory ========================
18:17:42.0568 6140 System memory - ok
18:17:42.0584 6140 ================ Scan services =============================
18:17:43.0925 6140 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:17:43.0941 6140 1394ohci - ok
18:17:44.0081 6140 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:17:44.0097 6140 ACPI - ok
18:17:44.0159 6140 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:17:44.0175 6140 AcpiPmi - ok
18:17:45.0719 6140 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:17:45.0751 6140 AdobeFlashPlayerUpdateSvc - ok
18:17:46.0156 6140 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:17:46.0156 6140 adp94xx - ok
18:17:46.0312 6140 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:17:46.0328 6140 adpahci - ok
18:17:46.0359 6140 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:17:46.0390 6140 adpu320 - ok
18:17:46.0421 6140 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:17:46.0437 6140 AeLookupSvc - ok
18:17:46.0562 6140 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:17:46.0593 6140 AFD - ok
18:17:46.0640 6140 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:17:46.0655 6140 agp440 - ok
18:17:46.0687 6140 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:17:46.0718 6140 ALG - ok
18:17:46.0796 6140 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:17:46.0811 6140 aliide - ok
18:17:46.0858 6140 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:17:46.0874 6140 amdide - ok
18:17:46.0952 6140 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:17:46.0967 6140 AmdK8 - ok
18:17:47.0014 6140 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:17:47.0030 6140 AmdPPM - ok
18:17:47.0061 6140 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:17:47.0092 6140 amdsata - ok
18:17:47.0139 6140 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:17:47.0155 6140 amdsbs - ok
18:17:47.0186 6140 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:17:47.0186 6140 amdxata - ok
18:17:47.0326 6140 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:17:47.0342 6140 AppID - ok
18:17:47.0451 6140 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:17:47.0498 6140 AppIDSvc - ok
18:17:47.0654 6140 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:17:47.0669 6140 Appinfo - ok
18:17:47.0872 6140 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:17:47.0903 6140 arc - ok
18:17:47.0981 6140 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:17:48.0044 6140 arcsas - ok
18:17:48.0637 6140 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:17:48.0777 6140 aspnet_state - ok
18:17:48.0839 6140 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:17:48.0855 6140 AsyncMac - ok
18:17:48.0902 6140 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:17:48.0902 6140 atapi - ok
18:17:49.0151 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:17:49.0198 6140 AudioEndpointBuilder - ok
18:17:49.0323 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:17:49.0323 6140 AudioSrv - ok
18:17:49.0479 6140 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:17:49.0510 6140 AxInstSV - ok
18:17:49.0666 6140 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:17:49.0713 6140 b06bdrv - ok
18:17:49.0900 6140 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:17:49.0916 6140 b57nd60a - ok
18:17:50.0041 6140 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:17:50.0072 6140 BDESVC - ok
18:17:50.0165 6140 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:17:50.0165 6140 Beep - ok
18:17:50.0618 6140 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:17:50.0665 6140 BFE - ok
18:17:50.0914 6140 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:17:50.0945 6140 BITS - ok
18:17:51.0086 6140 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:17:51.0117 6140 blbdrive - ok
18:17:51.0913 6140 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:17:51.0959 6140 Bonjour Service - ok
18:17:52.0412 6140 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:17:52.0459 6140 bowser - ok
18:17:52.0724 6140 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:17:52.0833 6140 BrFiltLo - ok
18:17:53.0488 6140 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:17:53.0566 6140 BrFiltUp - ok
18:17:53.0785 6140 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:17:53.0816 6140 BridgeMP - ok
18:17:54.0097 6140 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:17:54.0128 6140 Browser - ok
18:17:54.0237 6140 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:17:54.0284 6140 Brserid - ok
18:17:54.0362 6140 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:17:54.0424 6140 BrSerWdm - ok
18:17:54.0487 6140 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:17:54.0533 6140 BrUsbMdm - ok
18:17:54.0674 6140 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:17:54.0845 6140 BrUsbSer - ok
18:17:54.0939 6140 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:17:55.0001 6140 BTHMODEM - ok
18:17:55.0173 6140 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:17:55.0189 6140 bthserv - ok
18:17:55.0376 6140 catchme - ok
18:17:55.0469 6140 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:17:55.0501 6140 cdfs - ok
18:17:55.0688 6140 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:17:55.0750 6140 cdrom - ok
18:17:56.0000 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:17:56.0031 6140 CertPropSvc - ok
18:17:56.0265 6140 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:17:56.0312 6140 circlass - ok
18:17:56.0546 6140 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:17:56.0577 6140 CLFS - ok
18:17:57.0217 6140 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:17:57.0279 6140 clr_optimization_v2.0.50727_32 - ok
18:17:57.0591 6140 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:17:57.0856 6140 clr_optimization_v2.0.50727_64 - ok
18:17:58.0558 6140 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:17:59.0073 6140 clr_optimization_v4.0.30319_32 - ok
18:17:59.0182 6140 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:17:59.0697 6140 clr_optimization_v4.0.30319_64 - ok
18:17:59.0853 6140 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:17:59.0915 6140 CmBatt - ok
18:17:59.0993 6140 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:18:00.0025 6140 cmdide - ok
18:18:00.0337 6140 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:18:00.0352 6140 CNG - ok
18:18:00.0742 6140 [ 5C855932E4DF00B1B6F5F6F57E82B6C5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:18:00.0742 6140 CnxtHdAudService - ok
18:18:00.0914 6140 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:18:00.0992 6140 Compbatt - ok
18:18:01.0195 6140 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:18:01.0210 6140 CompositeBus - ok
18:18:01.0257 6140 COMSysApp - ok
18:18:01.0382 6140 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:18:01.0397 6140 crcdisk - ok
18:18:01.0569 6140 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:18:01.0585 6140 CryptSvc - ok
18:18:02.0287 6140 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:18:02.0318 6140 cvhsvc - ok
18:18:02.0427 6140 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
18:18:02.0458 6140 dc3d - ok
18:18:02.0630 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:18:02.0677 6140 DcomLaunch - ok
18:18:02.0833 6140 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:18:02.0895 6140 defragsvc - ok
18:18:03.0004 6140 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:18:03.0020 6140 DfsC - ok
18:18:03.0207 6140 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:18:03.0269 6140 Dhcp - ok
18:18:03.0363 6140 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:18:03.0379 6140 discache - ok
18:18:03.0613 6140 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:18:03.0644 6140 Disk - ok
18:18:03.0909 6140 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:18:03.0987 6140 Dnscache - ok
18:18:04.0159 6140 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:18:04.0190 6140 dot3svc - ok
18:18:04.0299 6140 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:18:04.0330 6140 DPS - ok
18:18:04.0471 6140 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:18:04.0486 6140 drmkaud - ok
18:18:04.0845 6140 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:18:04.0845 6140 DXGKrnl - ok
18:18:04.0939 6140 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:18:04.0954 6140 EapHost - ok
18:18:05.0921 6140 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:18:06.0062 6140 ebdrv - ok
18:18:06.0155 6140 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:18:06.0171 6140 EFS - ok
18:18:06.0514 6140 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:18:06.0592 6140 ehRecvr - ok
18:18:06.0639 6140 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:18:06.0670 6140 ehSched - ok
18:18:06.0795 6140 [ D38A883309E04B9FBFFE1ACA60EA3BBF ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
18:18:06.0795 6140 ElRawDisk - ok
18:18:07.0076 6140 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:18:07.0123 6140 elxstor - ok
18:18:07.0154 6140 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:18:07.0185 6140 ErrDev - ok
18:18:07.0450 6140 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:18:07.0466 6140 EventSystem - ok
18:18:07.0575 6140 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:18:07.0591 6140 exfat - ok
18:18:07.0700 6140 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:18:07.0731 6140 fastfat - ok
18:18:08.0152 6140 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:18:08.0230 6140 Fax - ok
18:18:08.0339 6140 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:18:08.0402 6140 fdc - ok
18:18:08.0511 6140 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:18:08.0558 6140 fdPHost - ok
18:18:08.0683 6140 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:18:08.0714 6140 FDResPub - ok
18:18:08.0839 6140 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:18:08.0885 6140 FileInfo - ok
18:18:08.0948 6140 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:18:08.0979 6140 Filetrace - ok
18:18:09.0369 6140 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:18:09.0400 6140 flpydisk - ok
18:18:09.0494 6140 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:18:09.0556 6140 FltMgr - ok
18:18:09.0962 6140 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:18:10.0009 6140 FontCache - ok
18:18:10.0258 6140 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:18:10.0274 6140 FontCache3.0.0.0 - ok
18:18:10.0321 6140 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:18:10.0336 6140 FsDepends - ok
18:18:10.0430 6140 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:18:10.0430 6140 Fs_Rec - ok
18:18:10.0508 6140 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:18:10.0539 6140 fvevol - ok
18:18:10.0633 6140 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:18:10.0991 6140 gagp30kx - ok
18:18:11.0335 6140 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:18:11.0522 6140 GamesAppService - ok
18:18:11.0865 6140 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:18:11.0912 6140 gpsvc - ok
18:18:12.0349 6140 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:18:12.0380 6140 gupdate - ok
18:18:12.0551 6140 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:18:12.0551 6140 gupdatem - ok
18:18:12.0848 6140 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:18:12.0957 6140 gusvc - ok
18:18:13.0051 6140 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:18:13.0082 6140 hcw85cir - ok
18:18:13.0207 6140 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:18:13.0222 6140 HDAudBus - ok
18:18:13.0425 6140 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:18:13.0456 6140 HidBatt - ok
18:18:13.0503 6140 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:18:13.0550 6140 HidBth - ok
18:18:13.0612 6140 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:18:13.0628 6140 HidIr - ok
18:18:13.0721 6140 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:18:13.0753 6140 hidserv - ok
18:18:13.0846 6140 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:18:13.0877 6140 HidUsb - ok
18:18:13.0940 6140 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:18:13.0971 6140 hkmsvc - ok
18:18:14.0143 6140 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:18:14.0174 6140 HomeGroupListener - ok
18:18:14.0299 6140 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:18:14.0314 6140 HomeGroupProvider - ok
18:18:14.0392 6140 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:18:14.0439 6140 HpSAMD - ok
18:18:14.0626 6140 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:18:14.0642 6140 HTTP - ok
18:18:14.0751 6140 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:18:14.0751 6140 hwpolicy - ok
18:18:14.0892 6140 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:18:14.0907 6140 i8042prt - ok
18:18:15.0687 6140 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:18:15.0781 6140 iaStorV - ok
18:18:16.0218 6140 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:18:16.0264 6140 IDriverT - ok
18:18:16.0764 6140 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:18:16.0857 6140 idsvc - ok
18:18:18.0339 6140 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:18:18.0526 6140 igfx - ok
18:18:18.0573 6140 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:18:18.0589 6140 iirsp - ok
18:18:18.0792 6140 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:18:18.0823 6140 IKEEXT - ok
18:18:18.0979 6140 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:18:18.0994 6140 IntcDAud - ok
18:18:19.0088 6140 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:18:19.0088 6140 intelide - ok
18:18:19.0135 6140 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:18:19.0135 6140 intelppm - ok
18:18:19.0416 6140 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:18:19.0462 6140 IntuitUpdateServiceV4 - ok
18:18:19.0712 6140 [ 8C2D445F874CB05773B813ED853607CF ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
18:18:19.0728 6140 ioloSystemService - ok
18:18:19.0759 6140 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:18:19.0790 6140 IPBusEnum - ok
18:18:19.0852 6140 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:18:19.0899 6140 IpFilterDriver - ok
18:18:20.0118 6140 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:18:20.0149 6140 iphlpsvc - ok
18:18:20.0196 6140 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:18:20.0227 6140 IPMIDRV - ok
18:18:20.0305 6140 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:18:20.0320 6140 IPNAT - ok
18:18:20.0367 6140 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:18:20.0383 6140 IRENUM - ok
18:18:20.0476 6140 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:18:20.0476 6140 isapnp - ok
18:18:20.0882 6140 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:18:20.0929 6140 iScsiPrt - ok
18:18:21.0116 6140 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:18:21.0116 6140 kbdclass - ok
18:18:21.0163 6140 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:18:21.0163 6140 kbdhid - ok
18:18:21.0210 6140 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:18:21.0210 6140 KeyIso - ok
18:18:21.0334 6140 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:18:21.0350 6140 KSecDD - ok
18:18:21.0428 6140 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:18:21.0522 6140 KSecPkg - ok
18:18:21.0615 6140 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:18:21.0678 6140 ksthunk - ok
18:18:22.0146 6140 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:18:22.0224 6140 KtmRm - ok
18:18:22.0395 6140 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:18:22.0411 6140 LanmanServer - ok
18:18:22.0504 6140 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:18:22.0520 6140 LanmanWorkstation - ok
18:18:22.0629 6140 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:18:22.0645 6140 lltdio - ok
18:18:22.0738 6140 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:18:22.0754 6140 lltdsvc - ok
18:18:22.0816 6140 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:18:22.0848 6140 lmhosts - ok
18:18:22.0926 6140 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:18:22.0941 6140 LSI_FC - ok
18:18:23.0004 6140 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:18:23.0035 6140 LSI_SAS - ok
18:18:23.0066 6140 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:18:23.0113 6140 LSI_SAS2 - ok
18:18:23.0144 6140 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:18:23.0160 6140 LSI_SCSI - ok
18:18:23.0300 6140 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:18:23.0316 6140 luafv - ok
18:18:23.0440 6140 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:18:23.0487 6140 Mcx2Svc - ok
18:18:23.0534 6140 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:18:23.0612 6140 megasas - ok
18:18:23.0784 6140 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:18:23.0830 6140 MegaSR - ok
18:18:23.0971 6140 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:18:23.0971 6140 MEIx64 - ok
18:18:24.0376 6140 Microsoft SharePoint Workspace Audit Service - ok
18:18:24.0486 6140 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:18:24.0501 6140 MMCSS - ok
18:18:24.0579 6140 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:18:24.0579 6140 Modem - ok
18:18:24.0626 6140 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:18:24.0626 6140 monitor - ok
18:18:24.0751 6140 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:18:24.0751 6140 mouclass - ok
18:18:24.0844 6140 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:18:24.0860 6140 mouhid - ok
18:18:24.0985 6140 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:18:25.0000 6140 mountmgr - ok
18:18:25.0078 6140 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:18:25.0094 6140 mpio - ok
18:18:25.0156 6140 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:18:25.0172 6140 mpsdrv - ok
18:18:25.0765 6140 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:18:25.0812 6140 MpsSvc - ok
18:18:25.0890 6140 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:18:25.0905 6140 MRxDAV - ok
18:18:25.0999 6140 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:18:26.0014 6140 mrxsmb - ok
18:18:26.0092 6140 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:18:26.0092 6140 mrxsmb10 - ok
18:18:26.0124 6140 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:18:26.0139 6140 mrxsmb20 - ok
18:18:26.0202 6140 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:18:26.0233 6140 msahci - ok
18:18:26.0280 6140 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:18:26.0295 6140 msdsm - ok
18:18:26.0342 6140 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:18:26.0373 6140 MSDTC - ok
18:18:26.0389 6140 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:18:26.0404 6140 Msfs - ok
18:18:26.0498 6140 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:18:26.0514 6140 mshidkmdf - ok
18:18:26.0576 6140 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:18:26.0576 6140 msisadrv - ok
18:18:26.0685 6140 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:18:26.0716 6140 MSiSCSI - ok
18:18:26.0716 6140 msiserver - ok
18:18:26.0779 6140 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:18:26.0794 6140 MSKSSRV - ok
18:18:26.0826 6140 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:18:26.0841 6140 MSPCLOCK - ok
18:18:26.0857 6140 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:18:26.0872 6140 MSPQM - ok
18:18:26.0982 6140 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:18:26.0997 6140 MsRPC - ok
18:18:27.0028 6140 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:18:27.0028 6140 mssmbios - ok
18:18:27.0106 6140 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:18:27.0106 6140 MSTEE - ok
18:18:27.0138 6140 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:18:27.0169 6140 MTConfig - ok
18:18:27.0200 6140 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:18:27.0200 6140 Mup - ok
18:18:27.0434 6140 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:18:27.0450 6140 napagent - ok
18:18:27.0652 6140 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:18:27.0668 6140 NativeWifiP - ok
18:18:28.0042 6140 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
18:18:28.0074 6140 NAUpdate - ok
18:18:28.0354 6140 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:18:28.0401 6140 NDIS - ok
18:18:28.0448 6140 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:18:28.0448 6140 NdisCap - ok
18:18:28.0510 6140 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:18:28.0526 6140 NdisTapi - ok
18:18:28.0604 6140 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:18:28.0620 6140 Ndisuio - ok
18:18:28.0682 6140 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:18:28.0698 6140 NdisWan - ok
18:18:28.0744 6140 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:18:28.0760 6140 NDProxy - ok
18:18:28.0807 6140 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:18:28.0822 6140 NetBIOS - ok
18:18:28.0869 6140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:18:28.0885 6140 NetBT - ok
18:18:28.0932 6140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:18:28.0932 6140 Netlogon - ok
18:18:29.0041 6140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:18:29.0056 6140 Netman - ok
18:18:29.0134 6140 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:29.0290 6140 NetMsmqActivator - ok
18:18:29.0290 6140 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:29.0290 6140 NetPipeActivator - ok
18:18:29.0431 6140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:18:29.0446 6140 netprofm - ok
18:18:29.0493 6140 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:29.0493 6140 NetTcpActivator - ok
18:18:29.0493 6140 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:29.0493 6140 NetTcpPortSharing - ok
18:18:29.0540 6140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:18:29.0587 6140 nfrd960 - ok
18:18:29.0743 6140 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:18:29.0758 6140 NlaSvc - ok
18:18:30.0460 6140 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
18:18:30.0554 6140 NOBU - ok
18:18:30.0585 6140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:18:30.0616 6140 Npfs - ok
18:18:30.0648 6140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:18:30.0679 6140 nsi - ok
18:18:30.0694 6140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:18:30.0726 6140 nsiproxy - ok
18:18:30.0960 6140 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:18:31.0022 6140 Ntfs - ok
18:18:31.0084 6140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:18:31.0116 6140 Null - ok
18:18:31.0209 6140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:18:31.0272 6140 nvraid - ok
18:18:31.0428 6140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:18:31.0443 6140 nvstor - ok
18:18:31.0490 6140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:18:31.0521 6140 nv_agp - ok
18:18:31.0584 6140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:18:31.0599 6140 ohci1394 - ok
18:18:31.0849 6140 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:18:31.0880 6140 ose - ok
18:18:32.0629 6140 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:18:32.0754 6140 osppsvc - ok
18:18:32.0832 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:18:32.0847 6140 p2pimsvc - ok
18:18:32.0925 6140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:18:32.0956 6140 p2psvc - ok
18:18:33.0019 6140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:18:33.0066 6140 Parport - ok
18:18:33.0112 6140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:18:33.0128 6140 partmgr - ok
18:18:33.0175 6140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:18:33.0237 6140 PcaSvc - ok
18:18:33.0424 6140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:18:33.0440 6140 pci - ok
18:18:33.0580 6140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:18:33.0612 6140 pciide - ok
18:18:33.0674 6140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:18:33.0721 6140 pcmcia - ok
18:18:33.0736 6140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:18:33.0752 6140 pcw - ok
18:18:33.0846 6140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:18:33.0861 6140 PEAUTH - ok
18:18:34.0860 6140 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:18:34.0875 6140 PerfHost - ok
18:18:35.0047 6140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:18:35.0094 6140 pla - ok
18:18:35.0234 6140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:18:35.0265 6140 PlugPlay - ok
18:18:35.0312 6140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:18:35.0328 6140 PNRPAutoReg - ok
18:18:35.0406 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:18:35.0406 6140 PNRPsvc - ok
18:18:35.0624 6140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:18:35.0655 6140 PolicyAgent - ok
18:18:35.0811 6140 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
18:18:35.0827 6140 Power - ok
18:18:35.0952 6140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:18:35.0952 6140 PptpMiniport - ok
18:18:35.0998 6140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:18:36.0030 6140 Processor - ok
18:18:36.0123 6140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:18:36.0123 6140 ProfSvc - ok
18:18:36.0154 6140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:18:36.0154 6140 ProtectedStorage - ok
18:18:36.0248 6140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:18:36.0248 6140 Psched - ok
18:18:36.0420 6140 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:18:36.0420 6140 PxHlpa64 - ok
18:18:36.0778 6140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:18:36.0856 6140 ql2300 - ok
18:18:36.0919 6140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:18:36.0934 6140 ql40xx - ok
18:18:37.0044 6140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:18:37.0059 6140 QWAVE - ok
18:18:37.0137 6140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:18:37.0153 6140 QWAVEdrv - ok
18:18:37.0184 6140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:18:37.0231 6140 RasAcd - ok
18:18:37.0324 6140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:18:37.0340 6140 RasAgileVpn - ok
18:18:37.0434 6140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:18:37.0465 6140 RasAuto - ok
18:18:37.0543 6140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:18:37.0558 6140 Rasl2tp - ok
18:18:37.0668 6140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:18:37.0699 6140 RasMan - ok
18:18:37.0761 6140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:18:37.0777 6140 RasPppoe - ok
18:18:37.0824 6140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:18:37.0855 6140 RasSstp - ok
18:18:37.0948 6140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:18:37.0980 6140 rdbss - ok
18:18:38.0026 6140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:18:38.0026 6140 rdpbus - ok
18:18:38.0089 6140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:18:38.0104 6140 RDPCDD - ok
18:18:38.0182 6140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:18:38.0198 6140 RDPENCDD - ok
18:18:38.0276 6140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:18:38.0307 6140 RDPREFMP - ok
18:18:38.0370 6140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:18:38.0385 6140 RDPWD - ok
18:18:38.0463 6140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:18:38.0494 6140 rdyboost - ok
18:18:38.0650 6140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:18:38.0666 6140 RemoteAccess - ok
18:18:38.0760 6140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:18:38.0806 6140 RemoteRegistry - ok
18:18:39.0384 6140 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:18:39.0508 6140 RoxMediaDB12OEM - ok
18:18:39.0586 6140 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:18:39.0586 6140 RoxWatch12 - ok
18:18:39.0633 6140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:18:39.0664 6140 RpcEptMapper - ok
18:18:39.0711 6140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:18:39.0727 6140 RpcLocator - ok
18:18:39.0852 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
18:18:39.0852 6140 RpcSs - ok
18:18:39.0976 6140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:18:40.0023 6140 rspndr - ok
18:18:40.0257 6140 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:18:40.0273 6140 RTL8167 - ok
18:18:40.0304 6140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:18:40.0304 6140 SamSs - ok
18:18:40.0351 6140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:18:40.0382 6140 sbp2port - ok
18:18:40.0476 6140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:18:40.0507 6140 SCardSvr - ok
18:18:40.0522 6140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:18:40.0569 6140 scfilter - ok
18:18:40.0803 6140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:18:40.0881 6140 Schedule - ok
18:18:40.0959 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:18:40.0959 6140 SCPolicySvc - ok
18:18:41.0053 6140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:18:41.0084 6140 SDRSVC - ok
18:18:41.0162 6140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:18:41.0178 6140 secdrv - ok
18:18:41.0240 6140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:18:41.0256 6140 seclogon - ok
18:18:41.0380 6140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:18:41.0412 6140 SENS - ok
18:18:41.0474 6140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:18:41.0521 6140 SensrSvc - ok
18:18:41.0646 6140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:18:41.0661 6140 Serenum - ok
18:18:41.0739 6140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:18:41.0786 6140 Serial - ok
18:18:41.0864 6140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:18:41.0895 6140 sermouse - ok
18:18:41.0926 6140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:18:41.0958 6140 SessionEnv - ok
18:18:41.0989 6140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:18:42.0036 6140 sffdisk - ok
18:18:42.0067 6140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:18:42.0098 6140 sffp_mmc - ok
18:18:42.0176 6140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:18:42.0207 6140 sffp_sd - ok
18:18:42.0254 6140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:18:42.0270 6140 sfloppy - ok
18:18:42.0441 6140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:18:42.0441 6140 Sftfs - ok
18:18:42.0644 6140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:18:42.0675 6140 sftlist - ok
18:18:42.0753 6140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:18:42.0769 6140 Sftplay - ok
18:18:42.0784 6140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:18:42.0784 6140 Sftredir - ok
18:18:43.0752 6140 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:18:43.0814 6140 SftService - ok
18:18:43.0876 6140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:18:43.0876 6140 Sftvol - ok
18:18:43.0954 6140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:18:43.0970 6140 sftvsa - ok
18:18:44.0188 6140 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:18:44.0204 6140 SharedAccess - ok
18:18:44.0329 6140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:18:44.0376 6140 ShellHWDetection - ok
18:18:44.0422 6140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:18:44.0469 6140 SiSRaid2 - ok
18:18:44.0500 6140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:18:44.0500 6140 SiSRaid4 - ok
18:18:44.0750 6140 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:18:44.0750 6140 SkypeUpdate - ok
18:18:44.0812 6140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:18:44.0812 6140 Smb - ok
18:18:44.0906 6140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:18:44.0937 6140 SNMPTRAP - ok
18:18:45.0000 6140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:18:45.0000 6140 spldr - ok
18:18:45.0234 6140 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:18:45.0312 6140 Spooler - ok
18:18:46.0310 6140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:18:46.0419 6140 sppsvc - ok
18:18:46.0466 6140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:18:46.0482 6140 sppuinotify - ok
18:18:46.0606 6140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:18:46.0653 6140 srv - ok
18:18:46.0809 6140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:18:46.0840 6140 srv2 - ok
18:18:46.0903 6140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:18:46.0903 6140 srvnet - ok
18:18:47.0028 6140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:18:47.0028 6140 SSDPSRV - ok
18:18:47.0074 6140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:18:47.0106 6140 SstpSvc - ok
18:18:47.0246 6140 Steam Client Service - ok
18:18:47.0355 6140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:18:47.0402 6140 stexstor - ok
18:18:47.0652 6140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:18:47.0714 6140 stisvc - ok
18:18:47.0823 6140 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:18:47.0854 6140 stllssvr - ok
18:18:47.0886 6140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:18:47.0886 6140 swenum - ok
18:18:48.0057 6140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:18:48.0120 6140 swprv - ok
18:18:48.0385 6140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:18:48.0447 6140 SysMain - ok
18:18:48.0494 6140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:18:48.0525 6140 TabletInputService - ok
18:18:48.0681 6140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:18:48.0712 6140 TapiSrv - ok
18:18:48.0744 6140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:18:48.0775 6140 TBS - ok
18:18:49.0212 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:18:49.0336 6140 Tcpip - ok
18:18:49.0539 6140 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:18:49.0555 6140 TCPIP6 - ok
18:18:49.0617 6140 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:18:49.0648 6140 tcpipreg - ok
18:18:49.0680 6140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:18:49.0680 6140 TDPIPE - ok
18:18:49.0726 6140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:18:49.0773 6140 TDTCP - ok
18:18:49.0804 6140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:18:49.0820 6140 tdx - ok
18:18:49.0898 6140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:18:49.0898 6140 TermDD - ok
18:18:50.0194 6140 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:18:50.0241 6140 TermService - ok
18:18:50.0288 6140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:18:50.0304 6140 Themes - ok
18:18:50.0350 6140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:18:50.0350 6140 THREADORDER - ok
18:18:50.0428 6140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:18:50.0444 6140 TrkWks - ok
18:18:50.0569 6140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:18:50.0584 6140 TrustedInstaller - ok
18:18:50.0631 6140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:18:50.0647 6140 tssecsrv - ok
18:18:50.0678 6140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:18:50.0694 6140 TsUsbFlt - ok
18:18:50.0725 6140 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:18:50.0725 6140 TsUsbGD - ok
18:18:50.0803 6140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:18:50.0803 6140 tunnel - ok
18:18:50.0850 6140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:18:50.0865 6140 uagp35 - ok
18:18:50.0974 6140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:18:51.0021 6140 udfs - ok
18:18:51.0052 6140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:18:51.0099 6140 UI0Detect - ok
18:18:51.0162 6140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:18:51.0193 6140 uliagpkx - ok
18:18:51.0302 6140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:18:51.0333 6140 umbus - ok
18:18:51.0396 6140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:18:51.0411 6140 UmPass - ok
18:18:51.0536 6140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:18:51.0645 6140 upnphost - ok
18:18:51.0754 6140 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:18:51.0786 6140 usbaudio - ok
18:18:51.0848 6140 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:18:51.0848 6140 usbccgp - ok
18:18:51.0926 6140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:18:51.0942 6140 usbcir - ok
18:18:52.0082 6140 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:18:52.0113 6140 usbehci - ok
18:18:52.0222 6140 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:18:52.0254 6140 usbhub - ok
18:18:52.0269 6140 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:18:52.0300 6140 usbohci - ok
18:18:52.0332 6140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:18:52.0363 6140 usbprint - ok
18:18:52.0394 6140 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:18:52.0410 6140 USBSTOR - ok
18:18:52.0503 6140 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:18:52.0534 6140 usbuhci - ok
18:18:52.0675 6140 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:18:52.0706 6140 usbvideo - ok
18:18:52.0753 6140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:18:52.0784 6140 UxSms - ok
18:18:52.0815 6140 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:18:52.0815 6140 VaultSvc - ok
18:18:53.0096 6140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:18:53.0096 6140 vdrvroot - ok
18:18:53.0314 6140 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:18:53.0346 6140 vds - ok
18:18:53.0439 6140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:18:53.0455 6140 vga - ok
18:18:53.0533 6140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:18:53.0580 6140 VgaSave - ok
18:18:53.0642 6140 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:18:53.0658 6140 vhdmp - ok
18:18:53.0751 6140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:18:53.0767 6140 viaide - ok
18:18:53.0845 6140 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:18:53.0860 6140 volmgr - ok
18:18:53.0954 6140 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:18:53.0970 6140 volmgrx - ok
18:18:54.0032 6140 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:18:54.0032 6140 volsnap - ok
18:18:54.0079 6140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:18:54.0110 6140 vsmraid - ok
18:18:54.0375 6140 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:18:54.0453 6140 VSS - ok
18:18:54.0500 6140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:18:54.0516 6140 vwifibus - ok
18:18:54.0672 6140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:18:54.0703 6140 W32Time - ok
18:18:54.0750 6140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:18:54.0765 6140 WacomPen - ok
18:18:54.0843 6140 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:18:54.0859 6140 WANARP - ok
18:18:54.0921 6140 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:18:54.0921 6140 Wanarpv6 - ok
18:18:55.0342 6140 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:18:55.0405 6140 WatAdminSvc - ok
18:18:55.0701 6140 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:18:55.0764 6140 wbengine - ok
18:18:55.0810 6140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:18:55.0826 6140 WbioSrvc - ok
18:18:55.0951 6140 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:18:55.0982 6140 wcncsvc - ok
18:18:56.0013 6140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:18:56.0029 6140 WcsPlugInService - ok
18:18:56.0107 6140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:18:56.0138 6140 Wd - ok
18:18:56.0278 6140 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:18:56.0325 6140 Wdf01000 - ok
18:18:56.0372 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:18:56.0388 6140 WdiServiceHost - ok
18:18:56.0403 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:18:56.0403 6140 WdiSystemHost - ok
18:18:56.0497 6140 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:18:56.0512 6140 WebClient - ok
18:18:56.0606 6140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:18:56.0606 6140 Wecsvc - ok
18:18:56.0653 6140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:18:56.0668 6140 wercplsupport - ok
18:18:56.0746 6140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:18:56.0762 6140 WerSvc - ok
18:18:56.0887 6140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:18:56.0902 6140 WfpLwf - ok
18:18:57.0105 6140 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:18:57.0105 6140 WimFltr - ok
18:18:57.0136 6140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:18:57.0152 6140 WIMMount - ok
18:18:57.0355 6140 WinDefend - ok
18:18:57.0355 6140 WinHttpAutoProxySvc - ok
18:18:57.0807 6140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:18:57.0823 6140 Winmgmt - ok
18:18:58.0228 6140 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:18:58.0291 6140 WinRM - ok
18:18:58.0509 6140 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:18:58.0556 6140 WinUsb - ok
18:18:58.0774 6140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:18:58.0806 6140 Wlansvc - ok
18:18:59.0055 6140 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:18:59.0149 6140 wlcrasvc - ok
18:18:59.0648 6140 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:18:59.0664 6140 wlidsvc - ok
18:18:59.0726 6140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:18:59.0742 6140 WmiAcpi - ok
18:18:59.0835 6140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:18:59.0866 6140 wmiApSrv - ok
18:18:59.0944 6140 WMPNetworkSvc - ok
18:19:00.0038 6140 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:19:00.0085 6140 WPCSvc - ok
18:19:00.0132 6140 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:19:00.0163 6140 WPDBusEnum - ok
18:19:00.0210 6140 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:19:00.0225 6140 ws2ifsl - ok
18:19:00.0319 6140 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:19:00.0334 6140 wscsvc - ok
18:19:00.0334 6140 WSearch - ok
18:19:00.0771 6140 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:19:00.0834 6140 wuauserv - ok
18:19:00.0880 6140 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:19:00.0912 6140 WudfPf - ok
18:19:01.0036 6140 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:01.0068 6140 WUDFRd - ok
18:19:01.0130 6140 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:19:01.0130 6140 wudfsvc - ok
18:19:01.0255 6140 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:19:01.0270 6140 WwanSvc - ok
18:19:01.0286 6140 ================ Scan global ===============================
18:19:01.0380 6140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:19:01.0489 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:19:01.0536 6140 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:19:01.0598 6140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:19:02.0019 6140 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:19:02.0066 6140 [Global] - ok
18:19:02.0066 6140 ================ Scan MBR ==================================
18:19:02.0082 6140 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:19:02.0082 6140 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:19:02.0394 6140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:19:02.0394 6140 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:19:02.0394 6140 ================ Scan VBR ==================================
18:19:02.0409 6140 [ CA03A91B6CFBDE7DB1EB2F4B97FF444F ] \Device\Harddisk0\DR0\Partition1
18:19:02.0425 6140 \Device\Harddisk0\DR0\Partition1 - ok
18:19:02.0534 6140 [ 2BB052776FE950E7876DCDC7CBF5731E ] \Device\Harddisk0\DR0\Partition2
18:19:02.0550 6140 \Device\Harddisk0\DR0\Partition2 - ok
18:19:02.0550 6140 ============================================================
18:19:02.0550 6140 Scan finished
18:19:02.0550 6140 ============================================================
18:19:02.0565 6108 Detected object count: 1
18:19:02.0565 6108 Actual detected object count: 1
18:19:40.0551 6108 \Device\Harddisk0\DR0\# - copied to quarantine
18:19:41.0082 6108 \Device\Harddisk0\DR0 - copied to quarantine
18:19:42.0782 6108 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:19:42.0813 6108 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:19:43.0453 6108 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:19:43.0671 6108 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:19:43.0687 6108 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:19:43.0687 6108 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:19:43.0718 6108 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:19:43.0780 6108 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:19:43.0827 6108 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:19:43.0843 6108 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:19:43.0843 6108 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:19:43.0843 6108 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:19:44.0186 6108 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:19:44.0373 6108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:19:44.0420 6108 \Device\Harddisk0\DR0 - ok
18:19:45.0855 6108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:19:53.0390 0556 Deinitialize success


Note - on rebooting computer, I got a dialog box to run an executable file, but didn't want to click Run until you gave me the OK; I hit cancel instead.
Can you let me know whether I have to repeat your instructions and run this file - does this remove something?
SS

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 09 December 2012 - 01:15 AM

Dont know which file you mean. TDSSKiller would remove stuff at reboot. Just run a new Scan with TDSSKiller and post back with the logfile please :).

Edited by schrauber, 09 December 2012 - 01:16 AM.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 ss624

ss624
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 10 December 2012 - 10:25 PM

21:19:54.0908 4440 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:19:55.0267 4440 ============================================================
21:19:55.0267 4440 Current date / time: 2012/12/10 21:19:55.0267
21:19:55.0267 4440 SystemInfo:
21:19:55.0267 4440
21:19:55.0267 4440 OS Version: 6.1.7601 ServicePack: 1.0
21:19:55.0267 4440 Product type: Workstation
21:19:55.0267 4440 ComputerName: DELL-PC
21:19:55.0267 4440 UserName: Mom
21:19:55.0267 4440 Windows directory: C:\Windows
21:19:55.0267 4440 System windows directory: C:\Windows
21:19:55.0267 4440 Running under WOW64
21:19:55.0267 4440 Processor architecture: Intel x64
21:19:55.0267 4440 Number of processors: 4
21:19:55.0267 4440 Page size: 0x1000
21:19:55.0267 4440 Boot type: Normal boot
21:19:55.0267 4440 ============================================================
21:19:56.0359 4440 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:19:56.0359 4440 ============================================================
21:19:56.0359 4440 \Device\Harddisk0\DR0:
21:19:56.0359 4440 MBR partitions:
21:19:56.0359 4440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1DA0000
21:19:56.0359 4440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB4000, BlocksNum 0x72952000
21:19:56.0359 4440 ============================================================
21:19:56.0390 4440 C: <-> \Device\Harddisk0\DR0\Partition2
21:19:56.0390 4440 ============================================================
21:19:56.0390 4440 Initialize success
21:19:56.0390 4440 ============================================================
21:19:58.0138 4472 ============================================================
21:19:58.0138 4472 Scan started
21:19:58.0138 4472 Mode: Manual;
21:19:58.0138 4472 ============================================================
21:19:59.0682 4472 ================ Scan system memory ========================
21:19:59.0682 4472 System memory - ok
21:19:59.0682 4472 ================ Scan services =============================
21:19:59.0822 4472 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:19:59.0822 4472 1394ohci - ok
21:19:59.0854 4472 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:19:59.0854 4472 ACPI - ok
21:19:59.0869 4472 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:19:59.0885 4472 AcpiPmi - ok
21:19:59.0994 4472 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:20:00.0010 4472 AdobeFlashPlayerUpdateSvc - ok
21:20:00.0025 4472 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:20:00.0041 4472 adp94xx - ok
21:20:00.0056 4472 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:20:00.0056 4472 adpahci - ok
21:20:00.0072 4472 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:20:00.0088 4472 adpu320 - ok
21:20:00.0103 4472 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:20:00.0103 4472 AeLookupSvc - ok
21:20:00.0150 4472 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:20:00.0150 4472 AFD - ok
21:20:00.0166 4472 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:20:00.0181 4472 agp440 - ok
21:20:00.0181 4472 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:20:00.0197 4472 ALG - ok
21:20:00.0197 4472 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:20:00.0212 4472 aliide - ok
21:20:00.0212 4472 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:20:00.0212 4472 amdide - ok
21:20:00.0228 4472 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:20:00.0244 4472 AmdK8 - ok
21:20:00.0244 4472 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:20:00.0259 4472 AmdPPM - ok
21:20:00.0259 4472 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:20:00.0259 4472 amdsata - ok
21:20:00.0275 4472 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:20:00.0275 4472 amdsbs - ok
21:20:00.0290 4472 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:20:00.0290 4472 amdxata - ok
21:20:00.0306 4472 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:20:00.0306 4472 AppID - ok
21:20:00.0322 4472 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:20:00.0322 4472 AppIDSvc - ok
21:20:00.0337 4472 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:20:00.0337 4472 Appinfo - ok
21:20:00.0368 4472 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:20:00.0368 4472 arc - ok
21:20:00.0368 4472 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:20:00.0384 4472 arcsas - ok
21:20:00.0446 4472 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:20:00.0446 4472 aspnet_state - ok
21:20:00.0478 4472 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:20:00.0478 4472 AsyncMac - ok
21:20:00.0493 4472 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:20:00.0493 4472 atapi - ok
21:20:00.0509 4472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:20:00.0524 4472 AudioEndpointBuilder - ok
21:20:00.0524 4472 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:20:00.0540 4472 AudioSrv - ok
21:20:00.0556 4472 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:20:00.0556 4472 AxInstSV - ok
21:20:00.0571 4472 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:20:00.0571 4472 b06bdrv - ok
21:20:00.0587 4472 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:20:00.0602 4472 b57nd60a - ok
21:20:00.0618 4472 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:20:00.0618 4472 BDESVC - ok
21:20:00.0634 4472 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:20:00.0634 4472 Beep - ok
21:20:00.0665 4472 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:20:00.0680 4472 BFE - ok
21:20:00.0712 4472 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:20:00.0727 4472 BITS - ok
21:20:00.0743 4472 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:20:00.0758 4472 blbdrive - ok
21:20:00.0852 4472 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:20:00.0852 4472 Bonjour Service - ok
21:20:00.0914 4472 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:20:00.0914 4472 bowser - ok
21:20:00.0930 4472 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:20:00.0930 4472 BrFiltLo - ok
21:20:00.0946 4472 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:20:00.0946 4472 BrFiltUp - ok
21:20:00.0946 4472 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:20:00.0961 4472 BridgeMP - ok
21:20:00.0992 4472 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:20:01.0008 4472 Browser - ok
21:20:01.0008 4472 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:20:01.0024 4472 Brserid - ok
21:20:01.0024 4472 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:20:01.0024 4472 BrSerWdm - ok
21:20:01.0039 4472 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:20:01.0039 4472 BrUsbMdm - ok
21:20:01.0039 4472 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:20:01.0055 4472 BrUsbSer - ok
21:20:01.0070 4472 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:20:01.0070 4472 BTHMODEM - ok
21:20:01.0086 4472 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:20:01.0086 4472 bthserv - ok
21:20:01.0086 4472 catchme - ok
21:20:01.0102 4472 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:20:01.0102 4472 cdfs - ok
21:20:01.0117 4472 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:20:01.0117 4472 cdrom - ok
21:20:01.0117 4472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:20:01.0133 4472 CertPropSvc - ok
21:20:01.0133 4472 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:20:01.0148 4472 circlass - ok
21:20:01.0164 4472 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:20:01.0164 4472 CLFS - ok
21:20:01.0211 4472 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:01.0211 4472 clr_optimization_v2.0.50727_32 - ok
21:20:01.0242 4472 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:20:01.0242 4472 clr_optimization_v2.0.50727_64 - ok
21:20:01.0258 4472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:20:01.0258 4472 clr_optimization_v4.0.30319_32 - ok
21:20:01.0273 4472 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:20:01.0289 4472 clr_optimization_v4.0.30319_64 - ok
21:20:01.0289 4472 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:20:01.0289 4472 CmBatt - ok
21:20:01.0304 4472 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:20:01.0304 4472 cmdide - ok
21:20:01.0351 4472 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:20:01.0367 4472 CNG - ok
21:20:01.0414 4472 [ 5C855932E4DF00B1B6F5F6F57E82B6C5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:20:01.0414 4472 CnxtHdAudService - ok
21:20:01.0460 4472 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:20:01.0460 4472 Compbatt - ok
21:20:01.0476 4472 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:20:01.0476 4472 CompositeBus - ok
21:20:01.0476 4472 COMSysApp - ok
21:20:01.0492 4472 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:20:01.0492 4472 crcdisk - ok
21:20:01.0523 4472 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:20:01.0523 4472 CryptSvc - ok
21:20:01.0632 4472 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:20:01.0648 4472 cvhsvc - ok
21:20:01.0694 4472 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
21:20:01.0694 4472 dc3d - ok
21:20:01.0710 4472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:20:01.0726 4472 DcomLaunch - ok
21:20:01.0741 4472 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:20:01.0741 4472 defragsvc - ok
21:20:01.0757 4472 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:20:01.0757 4472 DfsC - ok
21:20:01.0788 4472 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:20:01.0788 4472 Dhcp - ok
21:20:01.0804 4472 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:20:01.0819 4472 discache - ok
21:20:01.0835 4472 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:20:01.0835 4472 Disk - ok
21:20:01.0866 4472 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:20:01.0866 4472 Dnscache - ok
21:20:01.0866 4472 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:20:01.0882 4472 dot3svc - ok
21:20:01.0897 4472 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:20:01.0897 4472 DPS - ok
21:20:01.0928 4472 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:20:01.0928 4472 drmkaud - ok
21:20:01.0944 4472 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:20:01.0960 4472 DXGKrnl - ok
21:20:01.0975 4472 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:20:01.0975 4472 EapHost - ok
21:20:02.0038 4472 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:20:02.0116 4472 ebdrv - ok
21:20:02.0178 4472 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:20:02.0178 4472 EFS - ok
21:20:02.0209 4472 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:20:02.0225 4472 ehRecvr - ok
21:20:02.0225 4472 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:20:02.0225 4472 ehSched - ok
21:20:02.0256 4472 [ D38A883309E04B9FBFFE1ACA60EA3BBF ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
21:20:02.0256 4472 ElRawDisk - ok
21:20:02.0287 4472 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:20:02.0287 4472 elxstor - ok
21:20:02.0303 4472 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:20:02.0303 4472 ErrDev - ok
21:20:02.0318 4472 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:20:02.0334 4472 EventSystem - ok
21:20:02.0350 4472 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:20:02.0350 4472 exfat - ok
21:20:02.0365 4472 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:20:02.0365 4472 fastfat - ok
21:20:02.0396 4472 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:20:02.0396 4472 Fax - ok
21:20:02.0412 4472 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:20:02.0412 4472 fdc - ok
21:20:02.0428 4472 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:20:02.0428 4472 fdPHost - ok
21:20:02.0443 4472 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:20:02.0443 4472 FDResPub - ok
21:20:02.0459 4472 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:20:02.0459 4472 FileInfo - ok
21:20:02.0474 4472 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:20:02.0474 4472 Filetrace - ok
21:20:02.0474 4472 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:20:02.0490 4472 flpydisk - ok
21:20:02.0506 4472 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:20:02.0506 4472 FltMgr - ok
21:20:02.0537 4472 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:20:02.0552 4472 FontCache - ok
21:20:02.0584 4472 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:20:02.0584 4472 FontCache3.0.0.0 - ok
21:20:02.0599 4472 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:20:02.0599 4472 FsDepends - ok
21:20:02.0630 4472 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:20:02.0630 4472 Fs_Rec - ok
21:20:02.0646 4472 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:20:02.0646 4472 fvevol - ok
21:20:02.0677 4472 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:20:02.0677 4472 gagp30kx - ok
21:20:02.0786 4472 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:20:02.0786 4472 GamesAppService - ok
21:20:02.0818 4472 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:20:02.0833 4472 gpsvc - ok
21:20:02.0927 4472 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:20:02.0927 4472 gupdate - ok
21:20:02.0927 4472 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:20:02.0927 4472 gupdatem - ok
21:20:02.0989 4472 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:20:02.0989 4472 gusvc - ok
21:20:03.0005 4472 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:20:03.0005 4472 hcw85cir - ok
21:20:03.0036 4472 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:20:03.0036 4472 HDAudBus - ok
21:20:03.0052 4472 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:20:03.0052 4472 HidBatt - ok
21:20:03.0067 4472 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:20:03.0067 4472 HidBth - ok
21:20:03.0083 4472 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:20:03.0083 4472 HidIr - ok
21:20:03.0098 4472 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:20:03.0098 4472 hidserv - ok
21:20:03.0114 4472 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:20:03.0114 4472 HidUsb - ok
21:20:03.0130 4472 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:20:03.0130 4472 hkmsvc - ok
21:20:03.0145 4472 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:20:03.0161 4472 HomeGroupListener - ok
21:20:03.0192 4472 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:20:03.0192 4472 HomeGroupProvider - ok
21:20:03.0208 4472 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:20:03.0208 4472 HpSAMD - ok
21:20:03.0239 4472 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:20:03.0239 4472 HTTP - ok
21:20:03.0254 4472 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:20:03.0254 4472 hwpolicy - ok
21:20:03.0270 4472 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:20:03.0270 4472 i8042prt - ok
21:20:03.0286 4472 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:20:03.0301 4472 iaStorV - ok
21:20:03.0395 4472 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:20:03.0395 4472 IDriverT - ok
21:20:03.0426 4472 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:20:03.0426 4472 idsvc - ok
21:20:03.0629 4472 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:20:03.0800 4472 igfx - ok
21:20:03.0816 4472 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:20:03.0816 4472 iirsp - ok
21:20:03.0847 4472 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:20:03.0863 4472 IKEEXT - ok
21:20:03.0894 4472 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:20:03.0894 4472 IntcDAud - ok
21:20:03.0910 4472 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:20:03.0910 4472 intelide - ok
21:20:03.0925 4472 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:20:03.0925 4472 intelppm - ok
21:20:04.0019 4472 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:20:04.0019 4472 IntuitUpdateServiceV4 - ok
21:20:04.0097 4472 [ 8C2D445F874CB05773B813ED853607CF ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
21:20:04.0097 4472 ioloSystemService - ok
21:20:04.0112 4472 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:20:04.0112 4472 IPBusEnum - ok
21:20:04.0128 4472 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:20:04.0128 4472 IpFilterDriver - ok
21:20:04.0175 4472 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:20:04.0190 4472 iphlpsvc - ok
21:20:04.0206 4472 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:20:04.0206 4472 IPMIDRV - ok
21:20:04.0222 4472 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:20:04.0237 4472 IPNAT - ok
21:20:04.0253 4472 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:20:04.0253 4472 IRENUM - ok
21:20:04.0268 4472 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:20:04.0268 4472 isapnp - ok
21:20:04.0284 4472 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:20:04.0284 4472 iScsiPrt - ok
21:20:04.0300 4472 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:20:04.0300 4472 kbdclass - ok
21:20:04.0315 4472 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:20:04.0315 4472 kbdhid - ok
21:20:04.0315 4472 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:20:04.0315 4472 KeyIso - ok
21:20:04.0362 4472 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:20:04.0362 4472 KSecDD - ok
21:20:04.0378 4472 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:20:04.0378 4472 KSecPkg - ok
21:20:04.0393 4472 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:20:04.0393 4472 ksthunk - ok
21:20:04.0409 4472 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:20:04.0409 4472 KtmRm - ok
21:20:04.0440 4472 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:20:04.0440 4472 LanmanServer - ok
21:20:04.0471 4472 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:20:04.0471 4472 LanmanWorkstation - ok
21:20:04.0518 4472 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:20:04.0518 4472 lltdio - ok
21:20:04.0549 4472 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:20:04.0565 4472 lltdsvc - ok
21:20:04.0580 4472 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:20:04.0580 4472 lmhosts - ok
21:20:04.0596 4472 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:20:04.0596 4472 LSI_FC - ok
21:20:04.0596 4472 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:20:04.0612 4472 LSI_SAS - ok
21:20:04.0612 4472 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:20:04.0612 4472 LSI_SAS2 - ok
21:20:04.0627 4472 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:20:04.0627 4472 LSI_SCSI - ok
21:20:04.0658 4472 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:20:04.0658 4472 luafv - ok
21:20:04.0674 4472 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:20:04.0690 4472 Mcx2Svc - ok
21:20:04.0768 4472 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:20:04.0768 4472 megasas - ok
21:20:04.0861 4472 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:20:04.0908 4472 MegaSR - ok
21:20:04.0955 4472 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:20:04.0955 4472 MEIx64 - ok
21:20:05.0158 4472 Microsoft SharePoint Workspace Audit Service - ok
21:20:05.0189 4472 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:20:05.0189 4472 MMCSS - ok
21:20:05.0204 4472 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:20:05.0204 4472 Modem - ok
21:20:05.0220 4472 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:20:05.0220 4472 monitor - ok
21:20:05.0236 4472 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:20:05.0236 4472 mouclass - ok
21:20:05.0236 4472 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:20:05.0236 4472 mouhid - ok
21:20:05.0251 4472 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:20:05.0251 4472 mountmgr - ok
21:20:05.0267 4472 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:20:05.0267 4472 mpio - ok
21:20:05.0282 4472 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:20:05.0282 4472 mpsdrv - ok
21:20:05.0329 4472 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:20:05.0329 4472 MpsSvc - ok
21:20:05.0360 4472 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:20:05.0360 4472 MRxDAV - ok
21:20:05.0392 4472 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:20:05.0392 4472 mrxsmb - ok
21:20:05.0407 4472 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:20:05.0407 4472 mrxsmb10 - ok
21:20:05.0423 4472 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:20:05.0423 4472 mrxsmb20 - ok
21:20:05.0438 4472 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:20:05.0438 4472 msahci - ok
21:20:05.0454 4472 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:20:05.0454 4472 msdsm - ok
21:20:05.0470 4472 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:20:05.0470 4472 MSDTC - ok
21:20:05.0501 4472 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:20:05.0501 4472 Msfs - ok
21:20:05.0501 4472 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:20:05.0516 4472 mshidkmdf - ok
21:20:05.0516 4472 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:20:05.0516 4472 msisadrv - ok
21:20:05.0532 4472 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:20:05.0548 4472 MSiSCSI - ok
21:20:05.0548 4472 msiserver - ok
21:20:05.0563 4472 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:20:05.0563 4472 MSKSSRV - ok
21:20:05.0579 4472 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:20:05.0579 4472 MSPCLOCK - ok
21:20:05.0579 4472 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:20:05.0579 4472 MSPQM - ok
21:20:05.0594 4472 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:20:05.0594 4472 MsRPC - ok
21:20:05.0626 4472 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:20:05.0626 4472 mssmbios - ok
21:20:05.0626 4472 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:20:05.0641 4472 MSTEE - ok
21:20:05.0641 4472 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:20:05.0641 4472 MTConfig - ok
21:20:05.0657 4472 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:20:05.0657 4472 Mup - ok
21:20:05.0688 4472 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:20:05.0704 4472 napagent - ok
21:20:05.0735 4472 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:20:05.0735 4472 NativeWifiP - ok
21:20:05.0828 4472 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
21:20:05.0828 4472 NAUpdate - ok
21:20:05.0875 4472 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:20:05.0891 4472 NDIS - ok
21:20:05.0922 4472 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:20:05.0922 4472 NdisCap - ok
21:20:05.0953 4472 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:20:05.0953 4472 NdisTapi - ok
21:20:05.0953 4472 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:20:05.0953 4472 Ndisuio - ok
21:20:05.0969 4472 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:20:05.0969 4472 NdisWan - ok
21:20:05.0984 4472 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:20:06.0000 4472 NDProxy - ok
21:20:06.0000 4472 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:20:06.0016 4472 NetBIOS - ok
21:20:06.0016 4472 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:20:06.0031 4472 NetBT - ok
21:20:06.0031 4472 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:20:06.0031 4472 Netlogon - ok
21:20:06.0047 4472 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:20:06.0062 4472 Netman - ok
21:20:06.0094 4472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:20:06.0094 4472 NetMsmqActivator - ok
21:20:06.0094 4472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:20:06.0094 4472 NetPipeActivator - ok
21:20:06.0109 4472 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:20:06.0125 4472 netprofm - ok
21:20:06.0125 4472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:20:06.0125 4472 NetTcpActivator - ok
21:20:06.0125 4472 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:20:06.0125 4472 NetTcpPortSharing - ok
21:20:06.0140 4472 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:20:06.0140 4472 nfrd960 - ok
21:20:06.0187 4472 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:20:06.0187 4472 NlaSvc - ok
21:20:06.0281 4472 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:20:06.0343 4472 NOBU - ok
21:20:06.0359 4472 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:20:06.0359 4472 Npfs - ok
21:20:06.0374 4472 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:20:06.0374 4472 nsi - ok
21:20:06.0390 4472 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:20:06.0390 4472 nsiproxy - ok
21:20:06.0452 4472 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:20:06.0484 4472 Ntfs - ok
21:20:06.0515 4472 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:20:06.0515 4472 Null - ok
21:20:06.0530 4472 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:20:06.0530 4472 nvraid - ok
21:20:06.0562 4472 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:20:06.0562 4472 nvstor - ok
21:20:06.0577 4472 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:20:06.0593 4472 nv_agp - ok
21:20:06.0608 4472 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:20:06.0608 4472 ohci1394 - ok
21:20:06.0671 4472 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:20:06.0686 4472 ose - ok
21:20:06.0827 4472 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:20:06.0889 4472 osppsvc - ok
21:20:06.0905 4472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:20:06.0905 4472 p2pimsvc - ok
21:20:06.0936 4472 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:20:06.0936 4472 p2psvc - ok
21:20:06.0952 4472 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:20:06.0952 4472 Parport - ok
21:20:06.0983 4472 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:20:06.0983 4472 partmgr - ok
21:20:06.0998 4472 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:20:06.0998 4472 PcaSvc - ok
21:20:07.0014 4472 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:20:07.0030 4472 pci - ok
21:20:07.0045 4472 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:20:07.0045 4472 pciide - ok
21:20:07.0061 4472 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:20:07.0061 4472 pcmcia - ok
21:20:07.0076 4472 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:20:07.0076 4472 pcw - ok
21:20:07.0092 4472 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:20:07.0092 4472 PEAUTH - ok
21:20:07.0154 4472 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:20:07.0154 4472 PerfHost - ok
21:20:07.0201 4472 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:20:07.0217 4472 pla - ok
21:20:07.0248 4472 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:20:07.0248 4472 PlugPlay - ok
21:20:07.0264 4472 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:20:07.0264 4472 PNRPAutoReg - ok
21:20:07.0264 4472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:20:07.0279 4472 PNRPsvc - ok
21:20:07.0295 4472 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:20:07.0295 4472 PolicyAgent - ok
21:20:07.0326 4472 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
21:20:07.0326 4472 Power - ok
21:20:07.0357 4472 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:20:07.0357 4472 PptpMiniport - ok
21:20:07.0373 4472 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:20:07.0373 4472 Processor - ok
21:20:07.0420 4472 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:20:07.0420 4472 ProfSvc - ok
21:20:07.0435 4472 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:20:07.0435 4472 ProtectedStorage - ok
21:20:07.0451 4472 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:20:07.0466 4472 Psched - ok
21:20:07.0482 4472 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:20:07.0482 4472 PxHlpa64 - ok
21:20:07.0513 4472 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:20:07.0544 4472 ql2300 - ok
21:20:07.0576 4472 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:20:07.0576 4472 ql40xx - ok
21:20:07.0607 4472 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:20:07.0607 4472 QWAVE - ok
21:20:07.0607 4472 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:20:07.0607 4472 QWAVEdrv - ok
21:20:07.0622 4472 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:20:07.0622 4472 RasAcd - ok
21:20:07.0638 4472 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:20:07.0638 4472 RasAgileVpn - ok
21:20:07.0654 4472 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:20:07.0654 4472 RasAuto - ok
21:20:07.0669 4472 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:20:07.0669 4472 Rasl2tp - ok
21:20:07.0685 4472 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:20:07.0685 4472 RasMan - ok
21:20:07.0700 4472 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:20:07.0700 4472 RasPppoe - ok
21:20:07.0716 4472 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:20:07.0716 4472 RasSstp - ok
21:20:07.0732 4472 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:20:07.0732 4472 rdbss - ok
21:20:07.0747 4472 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:20:07.0747 4472 rdpbus - ok
21:20:07.0747 4472 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:20:07.0747 4472 RDPCDD - ok
21:20:07.0778 4472 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:20:07.0778 4472 RDPENCDD - ok
21:20:07.0778 4472 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:20:07.0778 4472 RDPREFMP - ok
21:20:07.0825 4472 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:20:07.0825 4472 RDPWD - ok
21:20:07.0841 4472 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:20:07.0841 4472 rdyboost - ok
21:20:07.0856 4472 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:20:07.0856 4472 RemoteAccess - ok
21:20:07.0872 4472 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:20:07.0872 4472 RemoteRegistry - ok
21:20:07.0950 4472 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:20:07.0981 4472 RoxMediaDB12OEM - ok
21:20:07.0997 4472 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:20:07.0997 4472 RoxWatch12 - ok
21:20:08.0012 4472 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:20:08.0012 4472 RpcEptMapper - ok
21:20:08.0044 4472 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:20:08.0059 4472 RpcLocator - ok
21:20:08.0075 4472 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
21:20:08.0075 4472 RpcSs - ok
21:20:08.0090 4472 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:20:08.0090 4472 rspndr - ok
21:20:08.0122 4472 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:20:08.0137 4472 RTL8167 - ok
21:20:08.0137 4472 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:20:08.0137 4472 SamSs - ok
21:20:08.0153 4472 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:20:08.0168 4472 sbp2port - ok
21:20:08.0168 4472 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:20:08.0184 4472 SCardSvr - ok
21:20:08.0184 4472 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:20:08.0184 4472 scfilter - ok
21:20:08.0215 4472 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:20:08.0231 4472 Schedule - ok
21:20:08.0246 4472 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:20:08.0246 4472 SCPolicySvc - ok
21:20:08.0262 4472 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:20:08.0262 4472 SDRSVC - ok
21:20:08.0278 4472 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:20:08.0278 4472 secdrv - ok
21:20:08.0293 4472 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:20:08.0293 4472 seclogon - ok
21:20:08.0309 4472 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:20:08.0309 4472 SENS - ok
21:20:08.0324 4472 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:20:08.0324 4472 SensrSvc - ok
21:20:08.0340 4472 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:20:08.0340 4472 Serenum - ok
21:20:08.0371 4472 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:20:08.0371 4472 Serial - ok
21:20:08.0402 4472 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:20:08.0402 4472 sermouse - ok
21:20:08.0418 4472 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:20:08.0434 4472 SessionEnv - ok
21:20:08.0434 4472 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:20:08.0434 4472 sffdisk - ok
21:20:08.0449 4472 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:20:08.0449 4472 sffp_mmc - ok
21:20:08.0465 4472 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:20:08.0465 4472 sffp_sd - ok
21:20:08.0465 4472 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:20:08.0465 4472 sfloppy - ok
21:20:08.0527 4472 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:20:08.0527 4472 Sftfs - ok
21:20:08.0621 4472 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:20:08.0621 4472 sftlist - ok
21:20:08.0636 4472 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:20:08.0636 4472 Sftplay - ok
21:20:08.0652 4472 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:20:08.0652 4472 Sftredir - ok
21:20:08.0714 4472 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:20:08.0730 4472 SftService - ok
21:20:08.0777 4472 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:20:08.0777 4472 Sftvol - ok
21:20:08.0792 4472 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:20:08.0792 4472 sftvsa - ok
21:20:08.0824 4472 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:20:08.0839 4472 SharedAccess - ok
21:20:08.0855 4472 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:20:08.0855 4472 ShellHWDetection - ok
21:20:08.0870 4472 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:20:08.0870 4472 SiSRaid2 - ok
21:20:08.0886 4472 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:20:08.0886 4472 SiSRaid4 - ok
21:20:08.0948 4472 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:20:08.0948 4472 SkypeUpdate - ok
21:20:08.0964 4472 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:20:08.0980 4472 Smb - ok
21:20:08.0980 4472 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:20:08.0995 4472 SNMPTRAP - ok
21:20:08.0995 4472 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:20:08.0995 4472 spldr - ok
21:20:09.0026 4472 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:20:09.0026 4472 Spooler - ok
21:20:09.0104 4472 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:20:09.0167 4472 sppsvc - ok
21:20:09.0182 4472 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:20:09.0182 4472 sppuinotify - ok
21:20:09.0198 4472 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:20:09.0214 4472 srv - ok
21:20:09.0229 4472 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:20:09.0229 4472 srv2 - ok
21:20:09.0245 4472 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:20:09.0245 4472 srvnet - ok
21:20:09.0260 4472 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:20:09.0260 4472 SSDPSRV - ok
21:20:09.0276 4472 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:20:09.0276 4472 SstpSvc - ok
21:20:09.0307 4472 Steam Client Service - ok
21:20:09.0338 4472 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:20:09.0338 4472 stexstor - ok
21:20:09.0354 4472 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:20:09.0370 4472 stisvc - ok
21:20:09.0385 4472 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:20:09.0385 4472 stllssvr - ok
21:20:09.0401 4472 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:20:09.0401 4472 swenum - ok
21:20:09.0432 4472 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:20:09.0432 4472 swprv - ok
21:20:09.0463 4472 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:20:09.0510 4472 SysMain - ok
21:20:09.0541 4472 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:20:09.0541 4472 TabletInputService - ok
21:20:09.0557 4472 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:20:09.0557 4472 TapiSrv - ok
21:20:09.0557 4472 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:20:09.0572 4472 TBS - ok
21:20:09.0635 4472 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:20:09.0666 4472 Tcpip - ok
21:20:09.0728 4472 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:20:09.0728 4472 TCPIP6 - ok
21:20:09.0775 4472 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:20:09.0775 4472 tcpipreg - ok
21:20:09.0775 4472 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:20:09.0775 4472 TDPIPE - ok
21:20:09.0838 4472 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:20:09.0838 4472 TDTCP - ok
21:20:09.0869 4472 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:20:09.0869 4472 tdx - ok
21:20:09.0869 4472 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:20:09.0869 4472 TermDD - ok
21:20:09.0900 4472 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:20:09.0900 4472 TermService - ok
21:20:09.0916 4472 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:20:09.0916 4472 Themes - ok
21:20:09.0931 4472 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:20:09.0947 4472 THREADORDER - ok
21:20:09.0947 4472 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:20:09.0947 4472 TrkWks - ok
21:20:09.0994 4472 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:20:09.0994 4472 TrustedInstaller - ok
21:20:09.0994 4472 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:20:10.0009 4472 tssecsrv - ok
21:20:10.0025 4472 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:20:10.0025 4472 TsUsbFlt - ok
21:20:10.0025 4472 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:20:10.0025 4472 TsUsbGD - ok
21:20:10.0056 4472 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:20:10.0056 4472 tunnel - ok
21:20:10.0072 4472 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:20:10.0072 4472 uagp35 - ok
21:20:10.0087 4472 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:20:10.0087 4472 udfs - ok
21:20:10.0103 4472 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:20:10.0290 4472 UI0Detect - ok
21:20:10.0321 4472 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:20:10.0321 4472 uliagpkx - ok
21:20:10.0337 4472 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:20:10.0337 4472 umbus - ok
21:20:10.0352 4472 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:20:10.0352 4472 UmPass - ok
21:20:10.0368 4472 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:20:10.0368 4472 upnphost - ok
21:20:10.0430 4472 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:20:10.0430 4472 usbaudio - ok
21:20:10.0462 4472 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:20:10.0462 4472 usbccgp - ok
21:20:10.0462 4472 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:20:10.0477 4472 usbcir - ok
21:20:10.0493 4472 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:20:10.0493 4472 usbehci - ok
21:20:10.0524 4472 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:20:10.0540 4472 usbhub - ok
21:20:10.0540 4472 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:20:10.0555 4472 usbohci - ok
21:20:10.0555 4472 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:20:10.0555 4472 usbprint - ok
21:20:10.0571 4472 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:20:10.0571 4472 USBSTOR - ok
21:20:10.0602 4472 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:20:10.0602 4472 usbuhci - ok
21:20:10.0633 4472 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:20:10.0633 4472 usbvideo - ok
21:20:10.0649 4472 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:20:10.0649 4472 UxSms - ok
21:20:10.0664 4472 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:20:10.0664 4472 VaultSvc - ok
21:20:10.0664 4472 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:20:10.0664 4472 vdrvroot - ok
21:20:10.0680 4472 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:20:10.0696 4472 vds - ok
21:20:10.0711 4472 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:20:10.0711 4472 vga - ok
21:20:10.0727 4472 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:20:10.0727 4472 VgaSave - ok
21:20:10.0742 4472 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:20:10.0742 4472 vhdmp - ok
21:20:10.0758 4472 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:20:10.0758 4472 viaide - ok
21:20:10.0774 4472 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:20:10.0774 4472 volmgr - ok
21:20:10.0789 4472 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:20:10.0789 4472 volmgrx - ok
21:20:10.0805 4472 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:20:10.0805 4472 volsnap - ok
21:20:10.0820 4472 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:20:10.0820 4472 vsmraid - ok
21:20:10.0867 4472 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:20:10.0898 4472 VSS - ok
21:20:10.0914 4472 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:20:10.0914 4472 vwifibus - ok
21:20:10.0945 4472 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:20:10.0945 4472 W32Time - ok
21:20:10.0976 4472 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:20:10.0976 4472 WacomPen - ok
21:20:10.0992 4472 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:20:10.0992 4472 WANARP - ok
21:20:11.0008 4472 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:20:11.0008 4472 Wanarpv6 - ok
21:20:11.0054 4472 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:20:11.0070 4472 WatAdminSvc - ok
21:20:11.0117 4472 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:20:11.0148 4472 wbengine - ok
21:20:11.0164 4472 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:20:11.0164 4472 WbioSrvc - ok
21:20:11.0179 4472 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:20:11.0179 4472 wcncsvc - ok
21:20:11.0195 4472 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:20:11.0195 4472 WcsPlugInService - ok
21:20:11.0210 4472 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:20:11.0210 4472 Wd - ok
21:20:11.0257 4472 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:20:11.0273 4472 Wdf01000 - ok
21:20:11.0288 4472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:20:11.0288 4472 WdiServiceHost - ok
21:20:11.0304 4472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:20:11.0304 4472 WdiSystemHost - ok
21:20:11.0304 4472 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:20:11.0320 4472 WebClient - ok
21:20:11.0335 4472 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:20:11.0335 4472 Wecsvc - ok
21:20:11.0351 4472 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:20:11.0351 4472 wercplsupport - ok
21:20:11.0351 4472 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:20:11.0366 4472 WerSvc - ok
21:20:11.0366 4472 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:20:11.0366 4472 WfpLwf - ok
21:20:11.0398 4472 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:20:11.0413 4472 WimFltr - ok
21:20:11.0444 4472 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:20:11.0444 4472 WIMMount - ok
21:20:11.0460 4472 WinDefend - ok
21:20:11.0476 4472 WinHttpAutoProxySvc - ok
21:20:11.0522 4472 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:20:11.0522 4472 Winmgmt - ok
21:20:11.0569 4472 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:20:11.0600 4472 WinRM - ok
21:20:11.0663 4472 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:20:11.0663 4472 WinUsb - ok
21:20:11.0694 4472 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:20:11.0710 4472 Wlansvc - ok
21:20:11.0741 4472 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:20:11.0741 4472 wlcrasvc - ok
21:20:11.0834 4472 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:20:11.0850 4472 wlidsvc - ok
21:20:11.0897 4472 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:20:11.0897 4472 WmiAcpi - ok
21:20:11.0912 4472 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:20:11.0912 4472 wmiApSrv - ok
21:20:11.0928 4472 WMPNetworkSvc - ok
21:20:11.0944 4472 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:20:11.0959 4472 WPCSvc - ok
21:20:11.0975 4472 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:20:11.0975 4472 WPDBusEnum - ok
21:20:11.0990 4472 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:20:11.0990 4472 ws2ifsl - ok
21:20:12.0022 4472 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:20:12.0022 4472 wscsvc - ok
21:20:12.0022 4472 WSearch - ok
21:20:12.0100 4472 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:20:12.0146 4472 wuauserv - ok
21:20:12.0178 4472 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:20:12.0178 4472 WudfPf - ok
21:20:12.0209 4472 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:20:12.0209 4472 WUDFRd - ok
21:20:12.0256 4472 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:20:12.0256 4472 wudfsvc - ok
21:20:12.0256 4472 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:20:12.0271 4472 WwanSvc - ok
21:20:12.0271 4472 ================ Scan global ===============================
21:20:12.0287 4472 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:20:12.0318 4472 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:20:12.0334 4472 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:20:12.0349 4472 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:20:12.0396 4472 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:20:12.0396 4472 [Global] - ok
21:20:12.0396 4472 ================ Scan MBR ==================================
21:20:12.0412 4472 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:20:12.0552 4472 \Device\Harddisk0\DR0 - ok
21:20:12.0552 4472 ================ Scan VBR ==================================
21:20:12.0552 4472 [ CA03A91B6CFBDE7DB1EB2F4B97FF444F ] \Device\Harddisk0\DR0\Partition1
21:20:12.0552 4472 \Device\Harddisk0\DR0\Partition1 - ok
21:20:12.0568 4472 [ 2BB052776FE950E7876DCDC7CBF5731E ] \Device\Harddisk0\DR0\Partition2
21:20:12.0568 4472 \Device\Harddisk0\DR0\Partition2 - ok
21:20:12.0568 4472 ============================================================
21:20:12.0568 4472 Scan finished
21:20:12.0568 4472 ============================================================
21:20:12.0583 4388 Detected object count: 0
21:20:12.0583 4388 Actual detected object count: 0
21:20:42.0067 2900 Deinitialize success

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 11 December 2012 - 02:03 AM

Perfect.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



Also please post back with a fresh OTL logfile and tell me how the system is running.

Edited by schrauber, 11 December 2012 - 02:04 AM.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:30 PM

Posted 13 December 2012 - 12:41 PM

Still with me?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users