
Remove BabylonToolbar and others


11 replies to this topic

#1 FormerAgentOfDeath

FormerAgentOfDeath

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 02 January 2013 - 09:13 AM

I believe my computer is infected with malware. I have run Malwarebytes and it is detecting PUP.InstallBrain. I also installed SuperAntiSpyware (free edition) and it is reporting PUP.BabylonToolbar and PUP.bProtector. Please advise.



#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:07:15 PM

Posted 02 January 2013 - 11:59 AM

Hello and welcome!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

Could you please post the log from MBAM...it can be found under the "Logs" tab with the program open. Look for the date and time of the scan to find the log.

==========

Next, please run these tools for me:

Step 1

Now, let's get a Security Check of your machine:

Please download and run Security Check from HERE, and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

==========

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note*** If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

==========

Step 3

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========

Step 4

Run RogueKiller

Download RogueKiller from here or here and save it to your desktop.

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Right-click RogueKiller.exe and select Run as Administrator.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click Delete.
  • When the Status box shows "Deleting Finished", click Report and then copy and paste the log in your next reply.
  • The log can also be found at RKreport[1].txt on your desktop.

==========

In your next reply, please include the following:

  • The MBAM log
  • The Security Check log
  • The TDSSKiller log
  • The adwCleaner log
  • The RogueKiller log

Please let me know how the computer is running after the above procedure!

bloopie

#3 FormerAgentOfDeath

FormerAgentOfDeath
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 02 January 2013 - 12:29 PM

Thank you for your reply. I have included the logs you requested below. Unfortunately, Norton AV keeps deleting RogueKiller so I was not able to run that.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-LAPTOP [administrator]

12/24/2012 11:06:35 PM
mbam-log-2012-12-24 (23-06-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361905
Time elapsed: 37 minute(s), 29 second(s)

Memory Processes Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1824 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 2
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Delete on reboot.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

(end)



Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 9
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
Google Chrome CommonDotNET.dll..
Google Chrome IdVaultCore.dll..
Google Chrome IdVaultCore.XmlSerializers.dll.
Google Chrome Microsoft.mshtml.dll.
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



12:09:59.0329 39648 lltdio - ok
12:09:59.0362 39648 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:09:59.0416 39648 lltdsvc - ok
12:09:59.0435 39648 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:09:59.0463 39648 lmhosts - ok
12:09:59.0503 39648 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:09:59.0529 39648 LMS - ok
12:09:59.0565 39648 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:09:59.0589 39648 LSI_FC - ok
12:09:59.0617 39648 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:09:59.0647 39648 LSI_SAS - ok
12:09:59.0650 39648 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:09:59.0660 39648 LSI_SAS2 - ok
12:09:59.0664 39648 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:09:59.0673 39648 LSI_SCSI - ok
12:09:59.0693 39648 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:09:59.0750 39648 luafv - ok
12:09:59.0778 39648 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:09:59.0789 39648 Mcx2Svc - ok
12:09:59.0815 39648 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:09:59.0844 39648 megasas - ok
12:09:59.0872 39648 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:09:59.0883 39648 MegaSR - ok
12:09:59.0919 39648 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:09:59.0944 39648 MEIx64 - ok
12:09:59.0973 39648 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:10:00.0050 39648 MMCSS - ok
12:10:00.0074 39648 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:10:00.0103 39648 Modem - ok
12:10:00.0124 39648 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:10:00.0187 39648 monitor - ok
12:10:00.0226 39648 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:10:00.0249 39648 mouclass - ok
12:10:00.0266 39648 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:10:00.0276 39648 mouhid - ok
12:10:00.0310 39648 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:10:00.0338 39648 mountmgr - ok
12:10:00.0348 39648 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:10:00.0358 39648 mpio - ok
12:10:00.0374 39648 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:10:00.0404 39648 mpsdrv - ok
12:10:00.0450 39648 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:10:00.0509 39648 MpsSvc - ok
12:10:00.0524 39648 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:10:00.0539 39648 MRxDAV - ok
12:10:00.0566 39648 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:10:00.0582 39648 mrxsmb - ok
12:10:00.0608 39648 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:10:00.0639 39648 mrxsmb10 - ok
12:10:00.0655 39648 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:10:00.0666 39648 mrxsmb20 - ok
12:10:00.0704 39648 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:10:00.0728 39648 msahci - ok
12:10:00.0740 39648 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:10:00.0750 39648 msdsm - ok
12:10:00.0777 39648 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:10:00.0788 39648 MSDTC - ok
12:10:00.0816 39648 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:10:00.0864 39648 Msfs - ok
12:10:00.0881 39648 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:10:00.0915 39648 mshidkmdf - ok
12:10:00.0938 39648 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:10:00.0947 39648 msisadrv - ok
12:10:00.0975 39648 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:10:01.0038 39648 MSiSCSI - ok
12:10:01.0041 39648 msiserver - ok
12:10:01.0064 39648 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:10:01.0100 39648 MSKSSRV - ok
12:10:01.0129 39648 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:10:01.0192 39648 MSPCLOCK - ok
12:10:01.0208 39648 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:10:01.0236 39648 MSPQM - ok
12:10:01.0257 39648 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:10:01.0270 39648 MsRPC - ok
12:10:01.0286 39648 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:10:01.0295 39648 mssmbios - ok
12:10:01.0322 39648 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:10:01.0396 39648 MSTEE - ok
12:10:01.0405 39648 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:10:01.0416 39648 MTConfig - ok
12:10:01.0428 39648 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:10:01.0437 39648 Mup - ok
12:10:01.0472 39648 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:10:01.0505 39648 MyWiFiDHCPDNS - ok
12:10:01.0565 39648 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
12:10:01.0593 39648 N360 - ok
12:10:01.0634 39648 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:10:01.0724 39648 napagent - ok
12:10:01.0782 39648 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:10:01.0819 39648 NativeWifiP - ok
12:10:01.0891 39648 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130101.040\ENG64.SYS
12:10:01.0921 39648 NAVENG - ok
12:10:01.0989 39648 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130101.040\EX64.SYS
12:10:02.0029 39648 NAVEX15 - ok
12:10:02.0069 39648 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:10:02.0088 39648 NDIS - ok
12:10:02.0117 39648 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:10:02.0180 39648 NdisCap - ok
12:10:02.0202 39648 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:10:02.0230 39648 NdisTapi - ok
12:10:02.0260 39648 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:10:02.0331 39648 Ndisuio - ok
12:10:02.0357 39648 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:10:02.0419 39648 NdisWan - ok
12:10:02.0444 39648 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:10:02.0471 39648 NDProxy - ok
12:10:02.0491 39648 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:10:02.0541 39648 NetBIOS - ok
12:10:02.0562 39648 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:10:02.0591 39648 NetBT - ok
12:10:02.0606 39648 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:10:02.0616 39648 Netlogon - ok
12:10:02.0640 39648 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:10:02.0715 39648 Netman - ok
12:10:02.0751 39648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:02.0761 39648 NetMsmqActivator - ok
12:10:02.0764 39648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:02.0773 39648 NetPipeActivator - ok
12:10:02.0795 39648 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:10:02.0827 39648 netprofm - ok
12:10:02.0831 39648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:02.0839 39648 NetTcpActivator - ok
12:10:02.0842 39648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:02.0851 39648 NetTcpPortSharing - ok
12:10:03.0033 39648 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
12:10:03.0230 39648 NETwNs64 - ok
12:10:03.0274 39648 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:10:03.0303 39648 nfrd960 - ok
12:10:03.0356 39648 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:10:03.0399 39648 NlaSvc - ok
12:10:03.0416 39648 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:10:03.0470 39648 Npfs - ok
12:10:03.0492 39648 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:10:03.0521 39648 nsi - ok
12:10:03.0531 39648 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:10:03.0559 39648 nsiproxy - ok
12:10:03.0626 39648 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:10:03.0661 39648 Ntfs - ok
12:10:03.0679 39648 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:10:03.0706 39648 Null - ok
12:10:03.0732 39648 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
12:10:03.0742 39648 nusb3hub - ok
12:10:03.0770 39648 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:10:03.0802 39648 nusb3xhc - ok
12:10:03.0833 39648 [ D980B1551DD0C8BDC3B07D617B4D42A6 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
12:10:03.0856 39648 nvkflt - ok
12:10:04.0274 39648 [ 386FB2E1EF51495629089231957B7D9A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:10:04.0593 39648 nvlddmkm - ok
12:10:04.0624 39648 [ E0CABFD2564CB064EAA5789CD6960C4A ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
12:10:04.0647 39648 nvpciflt - ok
12:10:04.0681 39648 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:10:04.0705 39648 nvraid - ok
12:10:04.0744 39648 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:10:04.0775 39648 nvstor - ok
12:10:04.0872 39648 [ 3947AD5D03E6ABCCE037801162FDB90D ] NVSvc C:\Windows\system32\nvvsvc.exe
12:10:04.0919 39648 NVSvc - ok
12:10:05.0017 39648 [ C5B3BB5DC9C62700C4A72C2A89CA1D58 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:10:05.0059 39648 nvUpdatusService - ok
12:10:05.0082 39648 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:10:05.0092 39648 nv_agp - ok
12:10:05.0117 39648 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:10:05.0128 39648 ohci1394 - ok
12:10:05.0155 39648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:10:05.0193 39648 p2pimsvc - ok
12:10:05.0216 39648 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:10:05.0229 39648 p2psvc - ok
12:10:05.0249 39648 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:10:05.0270 39648 Parport - ok
12:10:05.0309 39648 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:10:05.0327 39648 partmgr - ok
12:10:05.0349 39648 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:10:05.0405 39648 PcaSvc - ok
12:10:05.0422 39648 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:10:05.0433 39648 pci - ok
12:10:05.0460 39648 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:10:05.0477 39648 pciide - ok
12:10:05.0510 39648 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:10:05.0532 39648 pcmcia - ok
12:10:05.0545 39648 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:10:05.0554 39648 pcw - ok
12:10:05.0577 39648 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:10:05.0611 39648 PEAUTH - ok
12:10:05.0685 39648 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:10:05.0729 39648 PerfHost - ok
12:10:05.0797 39648 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:10:05.0852 39648 pla - ok
12:10:05.0894 39648 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:10:05.0923 39648 PlugPlay - ok
12:10:05.0953 39648 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:10:06.0003 39648 PNRPAutoReg - ok
12:10:06.0022 39648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:10:06.0035 39648 PNRPsvc - ok
12:10:06.0065 39648 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:10:06.0112 39648 PolicyAgent - ok
12:10:06.0189 39648 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
12:10:06.0200 39648 Power - ok
12:10:06.0288 39648 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:10:06.0351 39648 PptpMiniport - ok
12:10:06.0371 39648 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:10:06.0418 39648 Processor - ok
12:10:06.0542 39648 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:10:06.0577 39648 ProfSvc - ok
12:10:06.0606 39648 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:06.0637 39648 ProtectedStorage - ok
12:10:06.0720 39648 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:10:06.0894 39648 Psched - ok
12:10:06.0959 39648 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:10:06.0984 39648 PxHlpa64 - ok
12:10:07.0093 39648 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:10:07.0134 39648 ql2300 - ok
12:10:07.0186 39648 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:10:07.0195 39648 ql40xx - ok
12:10:07.0250 39648 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:10:07.0277 39648 QWAVE - ok
12:10:07.0299 39648 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:10:07.0357 39648 QWAVEdrv - ok
12:10:07.0404 39648 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:10:07.0461 39648 RasAcd - ok
12:10:07.0543 39648 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:10:07.0636 39648 RasAgileVpn - ok
12:10:07.0663 39648 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:10:07.0691 39648 RasAuto - ok
12:10:07.0714 39648 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:07.0741 39648 Rasl2tp - ok
12:10:07.0759 39648 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:10:07.0803 39648 RasMan - ok
12:10:07.0824 39648 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:07.0858 39648 RasPppoe - ok
12:10:07.0889 39648 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:10:07.0918 39648 RasSstp - ok
12:10:07.0933 39648 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:10:07.0962 39648 rdbss - ok
12:10:07.0980 39648 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:10:07.0999 39648 rdpbus - ok
12:10:08.0025 39648 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:08.0053 39648 RDPCDD - ok
12:10:08.0063 39648 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:10:08.0100 39648 RDPENCDD - ok
12:10:08.0113 39648 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:10:08.0152 39648 RDPREFMP - ok
12:10:08.0181 39648 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:10:08.0193 39648 RDPWD - ok
12:10:08.0232 39648 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:10:08.0260 39648 rdyboost - ok
12:10:08.0318 39648 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:10:08.0354 39648 RegSrvc - ok
12:10:08.0382 39648 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:10:08.0421 39648 RemoteAccess - ok
12:10:08.0456 39648 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:10:08.0512 39648 RemoteRegistry - ok
12:10:08.0547 39648 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:10:08.0589 39648 RFCOMM - ok
12:10:08.0710 39648 [ 053A0D66B1982D93A20062E4DA40B29B ] RoxMediaDB13 C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
12:10:08.0746 39648 RoxMediaDB13 - ok
12:10:08.0781 39648 [ 495C85B15470374A9499451893742EE6 ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
12:10:08.0794 39648 RoxWatch12 - ok
12:10:08.0818 39648 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:10:08.0872 39648 RpcEptMapper - ok
12:10:08.0898 39648 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:10:08.0910 39648 RpcLocator - ok
12:10:08.0941 39648 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:10:08.0993 39648 RpcSs - ok
12:10:09.0029 39648 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:10:09.0080 39648 rspndr - ok
12:10:09.0118 39648 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
12:10:09.0128 39648 RSUSBSTOR - ok
12:10:09.0166 39648 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:10:09.0178 39648 RTL8167 - ok
12:10:09.0215 39648 [ 27DB9153D259D632D15483DEEAB799ED ] Sahdad64 C:\Windows\system32\Drivers\Sahdad64.sys
12:10:09.0238 39648 Sahdad64 - ok
12:10:09.0259 39648 [ F77849D909B90BCACFCF7295AECF299B ] Saibad64 C:\Windows\system32\Drivers\Saibad64.sys
12:10:09.0267 39648 Saibad64 - ok
12:10:09.0311 39648 [ 704D415290A568F68DE20942DAC23F7E ] SaibVdAd64 C:\Windows\system32\Drivers\SaibVdAd64.sys
12:10:09.0334 39648 SaibVdAd64 - ok
12:10:09.0350 39648 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:10:09.0360 39648 SamSs - ok
12:10:09.0421 39648 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:10:09.0444 39648 SASDIFSV - ok
12:10:09.0472 39648 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:10:09.0479 39648 SASKUTIL - ok
12:10:09.0499 39648 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:10:09.0524 39648 sbp2port - ok
12:10:09.0554 39648 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:10:09.0594 39648 SCardSvr - ok
12:10:09.0611 39648 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:10:09.0638 39648 scfilter - ok
12:10:09.0663 39648 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:10:09.0705 39648 Schedule - ok
12:10:09.0731 39648 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:10:09.0760 39648 SCPolicySvc - ok
12:10:09.0784 39648 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:10:09.0816 39648 SDRSVC - ok
12:10:09.0847 39648 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:10:09.0913 39648 secdrv - ok
12:10:09.0933 39648 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:10:09.0960 39648 seclogon - ok
12:10:09.0977 39648 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:10:10.0012 39648 SENS - ok
12:10:10.0042 39648 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:10:10.0053 39648 SensrSvc - ok
12:10:10.0087 39648 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:10:10.0129 39648 Serenum - ok
12:10:10.0165 39648 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:10:10.0209 39648 Serial - ok
12:10:10.0231 39648 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:10:10.0268 39648 sermouse - ok
12:10:10.0302 39648 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:10:10.0337 39648 SessionEnv - ok
12:10:10.0356 39648 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:10:10.0375 39648 sffdisk - ok
12:10:10.0385 39648 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:10:10.0405 39648 sffp_mmc - ok
12:10:10.0419 39648 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:10:10.0432 39648 sffp_sd - ok
12:10:10.0449 39648 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:10:10.0459 39648 sfloppy - ok
12:10:10.0494 39648 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:10:10.0545 39648 SharedAccess - ok
12:10:10.0565 39648 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:10:10.0606 39648 ShellHWDetection - ok
12:10:10.0653 39648 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:10:10.0677 39648 SiSRaid2 - ok
12:10:10.0701 39648 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:10:10.0711 39648 SiSRaid4 - ok
12:10:10.0752 39648 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:10:10.0779 39648 SkypeUpdate - ok
12:10:10.0803 39648 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:10:10.0878 39648 Smb - ok
12:10:10.0924 39648 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:10:10.0956 39648 SNMPTRAP - ok
12:10:10.0970 39648 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:10:10.0979 39648 spldr - ok
12:10:11.0017 39648 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:10:11.0051 39648 Spooler - ok
12:10:11.0139 39648 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:10:11.0205 39648 sppsvc - ok
12:10:11.0221 39648 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:10:11.0250 39648 sppuinotify - ok
12:10:11.0327 39648 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
12:10:11.0355 39648 SRTSP - ok
12:10:11.0363 39648 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
12:10:11.0370 39648 SRTSPX - ok
12:10:11.0404 39648 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:10:11.0438 39648 srv - ok
12:10:11.0460 39648 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:10:11.0480 39648 srv2 - ok
12:10:11.0493 39648 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:10:11.0505 39648 srvnet - ok
12:10:11.0539 39648 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:10:11.0570 39648 SSDPSRV - ok
12:10:11.0580 39648 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:10:11.0608 39648 SstpSvc - ok
12:10:11.0637 39648 [ B69E79470474A8BEF06BE2130D0210A8 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:10:11.0649 39648 Stereo Service - ok
12:10:11.0671 39648 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:10:11.0680 39648 stexstor - ok
12:10:11.0724 39648 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:10:11.0751 39648 stisvc - ok
12:10:11.0761 39648 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:10:11.0770 39648 swenum - ok
12:10:11.0802 39648 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:10:11.0851 39648 swprv - ok
12:10:11.0900 39648 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
12:10:11.0923 39648 SymDS - ok
12:10:11.0974 39648 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
12:10:11.0995 39648 SymEFA - ok
12:10:12.0018 39648 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:10:12.0027 39648 SymEvent - ok
12:10:12.0064 39648 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
12:10:12.0090 39648 SymIRON - ok
12:10:12.0108 39648 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
12:10:12.0119 39648 SymNetS - ok
12:10:12.0182 39648 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:10:12.0271 39648 SysMain - ok
12:10:12.0286 39648 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:10:12.0334 39648 TabletInputService - ok
12:10:12.0362 39648 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:10:12.0439 39648 TapiSrv - ok
12:10:12.0452 39648 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:10:12.0480 39648 TBS - ok
12:10:12.0564 39648 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:10:12.0602 39648 Tcpip - ok
12:10:12.0643 39648 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:10:12.0688 39648 TCPIP6 - ok
12:10:12.0703 39648 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:10:12.0720 39648 tcpipreg - ok
12:10:12.0753 39648 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:10:12.0799 39648 TDPIPE - ok
12:10:12.0839 39648 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:10:12.0869 39648 TDTCP - ok
12:10:12.0894 39648 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:10:12.0923 39648 tdx - ok
12:10:12.0954 39648 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:10:12.0964 39648 TermDD - ok
12:10:12.0995 39648 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:10:13.0048 39648 TermService - ok
12:10:13.0059 39648 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:10:13.0073 39648 Themes - ok
12:10:13.0097 39648 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:10:13.0129 39648 THREADORDER - ok
12:10:13.0144 39648 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:10:13.0182 39648 TrkWks - ok
12:10:19.0184 41256 Detected object count: 3
12:10:19.0184 41256 Actual detected object count: 3
12:10:23.0220 41256 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:23.0221 41256 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:10:23.0222 41256 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:23.0222 41256 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:10:23.0225 41256 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:23.0225 41256 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip



# AdwCleaner v2.104 - Logfile created 01/02/2013 at 12:17:10
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alex - ALEX-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Alex\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\SpecialSavings
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Alex\AppData\Local\Conduit
Folder Deleted : C:\Users\Alex\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alex\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Alex\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Alex\AppData\Roaming\SpecialSavings
Folder Deleted : C:\Users\Alex\Documents\ShopToWin

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\848d8ab36aba40
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\848d8ab36aba40
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09C14BAE-2D45-4133-B0FA-5EA4FE5CF978}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=115849&tt=051212_crm_4912_3&babsrc=HP_ss&mntrId=c2cc7ff1000000000000848f69b9c105 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10827 octets] - [02/01/2013 12:17:10]

########## EOF - C:\AdwCleaner[S1].txt - [10888 octets] ##########

#4 bloopie

Posted 02 January 2013 - 01:24 PM

Hi again,

Thanks for the logs! :)

It looks like your Babylon toolbar should not be running right now, although I've seen it persist. Let me know if you still have the toolbar active.

==========

In the meantime, to get RogueKiller to run, try this:

Turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Then try again to run the program as previously instructed, and post me the log. :thumbup2:

Let me know how the machine is running now!

bloopie

#5 FormerAgentOfDeath

Posted 02 January 2013 - 02:00 PM

Babylon toolbar seems to be gone.

I disabled Norton and ran RogueKiller. It detected 3 items. Only one was deleted. The status of the other two items was "Replaced (0)". Here is the log -

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Remove -- Date : 01/02/2013 13:56:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 51d30feb6b0e094af58983bd1b8d5bc6
[BSP] 3af53d2811bad9043e2968fb666a5e84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15644 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32120832 | Size: 594792 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Ultra Backup USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_01022013_02d1356.txt >>
RKreport[1]_S_01022013_02d1356.txt ; RKreport[2]_D_01022013_02d1356.txt

#6 bloopie

Posted 02 January 2013 - 02:40 PM

Hi again,

Good work! :thumbup2:

Now, let's get a couple of other scans for leftovers...these may take some time, so please be patient:

Step 1

Please update MBAM and run a Full scan (remove all found items)...then copy and paste the results in your next reply.

==========

Step 2

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

Please copy and paste both logs in your next reply, and let me know how the machine is running now! :)

bloopie

#7 FormerAgentOfDeath

Posted 02 January 2013 - 04:56 PM

Machine seems to be running normally (no obvious symptoms). Here are the logs you requested -

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-LAPTOP [administrator]

1/2/2013 2:42:59 PM
mbam-log-2013-01-02 (14-42-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363301
Time elapsed: 40 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=95d4952bf33b9d4aab54e80b784140f3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-02 09:53:06
# local_time=2013-01-02 04:53:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 83 95 2345546 107739682 0 0
# compatibility_mode=5893 16776574 100 94 15935376 108707036 0 0
# scanned=146424
# found=11
# cleaned=0
# scan_time=4405
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R00CTBX.exe a variant of Win32/Adware.Gamevance.CF application (unable to clean) CAF7F417357DA2500E2D8C28E269D219B0D61D12 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R0DD3HL.exe multiple threats (unable to clean) 8FE84AD1C5F319F0B05E5F0FF90F5ACFDC7DF184 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R2CRQDM.exe a variant of Win32/Adware.Gamevance.CF application (unable to clean) CAF7F417357DA2500E2D8C28E269D219B0D61D12 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R5J7XBI.exe a variant of Win32/OpenInstall application (unable to clean) 920856C9B42DCA2F5EE69D3633466A1E6E59EF2C I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RSDDA4W.exe a variant of Win32/InstallBrain.P application (unable to clean) 13EB9513D86F63E88FCE2B83D901C2BB270EC714 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RUZ9KG3.exe Win32/DownloadAdmin.F application (unable to clean) 600A0295369F89C300038D770E5E114F2E25A3AF I
C:\Users\Alex\Downloads\BestCodecsPackSetup.exe a variant of Win32/InstallBrain.P application (unable to clean) 13EB9513D86F63E88FCE2B83D901C2BB270EC714 I
C:\Users\Alex\Downloads\epicbot.exe a variant of Win32/InstallIQ application (unable to clean) E004A15AA2A9E208AF1356BBAC453B0FC4116EB7 I
C:\Users\Alex\Downloads\Hot or Cold Predictor.zip a variant of MSIL/Spy.Agent.FG trojan (unable to clean) EE4F8175859871772B7B0AAA4057D7D824C06DA1 I
C:\Users\Alex\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application (unable to clean) 2503638237A9469DCB691D06A5701C55C66644D3 I
C:\Users\Alex\Downloads\Runescape Gold Hack - 2012.rar a variant of MSIL/Spy.Agent.FG trojan (unable to clean) 145CD4F1D775A9BFD5BE31856F4B1C1469FBB604 I
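
Added example (not part of the original thread): a small Python parser for the ESET detection lines in the log above. It groups detections by SHA-1, so identical files in the Recycle Bin and in Downloads show up as one item, and it reports any line it could not parse. The line layout is inferred from the lines on this page, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above: one hook-log line, two header lines and
# six of the eleven detection lines, copied unchanged.
SAMPLE_LOG = r"""OnlineScanner.ocx - registred OK
# found=11
# cleaned=0
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R00CTBX.exe a variant of Win32/Adware.Gamevance.CF application (unable to clean) CAF7F417357DA2500E2D8C28E269D219B0D61D12 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R0DD3HL.exe multiple threats (unable to clean) 8FE84AD1C5F319F0B05E5F0FF90F5ACFDC7DF184 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R2CRQDM.exe a variant of Win32/Adware.Gamevance.CF application (unable to clean) CAF7F417357DA2500E2D8C28E269D219B0D61D12 I
C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RSDDA4W.exe a variant of Win32/InstallBrain.P application (unable to clean) 13EB9513D86F63E88FCE2B83D901C2BB270EC714 I
C:\Users\Alex\Downloads\BestCodecsPackSetup.exe a variant of Win32/InstallBrain.P application (unable to clean) 13EB9513D86F63E88FCE2B83D901C2BB270EC714 I
C:\Users\Alex\Downloads\Hot or Cold Predictor.zip a variant of MSIL/Spy.Agent.FG trojan (unable to clean) EE4F8175859871772B7B0AAA4057D7D824C06DA1 I
"""

# Assumed layout, inferred from the lines on this page (not from ESET
# documentation): <path> <threat text> (<action>) <40-hex SHA-1> <flag>
# Paths may contain spaces, so the path is matched lazily and the threat text
# is recognised by its "Platform/Name" token (forward slash) or the literal
# "multiple threats".
DETECTION = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:a variant of )?(?P<name>\S+/\S+)(?: (?P<kind>\S+))?"
    r"|multiple threats) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<sha1>[0-9A-Fa-f]{40}) (?P<flag>\S+)$"
)


def parse_log(text):
    """Return (detections, unparsed).

    Header lines starting with '#' and blank lines are skipped. Any other
    line that does not match the detection layout is returned in `unparsed`
    instead of being dropped silently.
    """
    detections, unparsed = [], []
    for raw in text.splitlines():
        # Tabs are folded to spaces so tab-separated and flattened copies
        # of the log parse the same way.
        line = raw.replace("\t", " ").strip()
        if not line or line.startswith("#"):
            continue
        match = DETECTION.match(line)
        if match is None:
            unparsed.append(line)
            continue
        entry = match.groupdict()
        entry["sha1"] = entry["sha1"].upper()
        entry["in_recycle_bin"] = "\\$recycle.bin\\" in entry["path"].lower()
        detections.append(entry)
    return detections, unparsed


def group_by_sha1(detections):
    """Map each SHA-1 to every path where that exact file content was found."""
    groups = defaultdict(list)
    for entry in detections:
        groups[entry["sha1"]].append(entry["path"])
    return dict(groups)


def duplicates(detections):
    """Only the hashes that occur at more than one path."""
    return {h: p for h, p in group_by_sha1(detections).items() if len(p) > 1}


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(group_by_sha1(found))} distinct files")
    for entry in found:
        where = "recycle bin" if entry["in_recycle_bin"] else "on disk"
        print(f"  [{where}] {entry['threat']}: {entry['path']}")
    for sha1, paths in duplicates(found).items():
        print(f"same content ({sha1}) at {len(paths)} paths")
    for line in skipped:
        print(f"not a detection line: {line}")
```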

#8 bloopie

Posted 02 January 2013 - 05:23 PM

Hi again,

"Machine seems to be running normally (no obvious symptoms). Here are the logs you requested -"

Excellent! Glad to hear it! :thumbup2:

Those logs are looking good, but we have more to do!

==========

Now, let's remove what was found in the ESET scan with a batch, and then we'll do some updates:

Step 1

  • Hold the "Windows" key and press "R" to open the Run box, type in notepad, and click OK.
  • Copy the text in the code box below then paste it into the blank Notepad and save it to your Desktop as DelFile.bat
@echo off
del /f /s /q "C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R00CTBX.exe"
del /f /s /q "C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R0DD3HL.exe"
del /f /s /q "C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R2CRQDM.exe"
del /f /s /q "C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R5J7XBI.exe"
del /f /s /q "C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RSDDA4W.exe"
del /f /s /q "C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RUZ9KG3.exe"
del /f /s /q "C:\Users\Alex\Downloads\BestCodecsPackSetup.exe"
del /f /s /q "C:\Users\Alex\Downloads\epicbot.exe"
del /f /s /q "C:\Users\Alex\Downloads\Hot or Cold Predictor.zip"
del /f /s /q "C:\Users\Alex\Downloads\iLividSetup.exe"
del /f /s /q "C:\Users\Alex\Downloads\Runescape Gold Hack - 2012.rar"
del %0
  • The batch file should now look like this: [Posted Image] in Windows Vista/7, and this: [Posted Image] in Windows XP
  • Now double click on the DelFile.bat on your Desktop and the batch will quickly run and delete itself for you.
  • Now reboot the machine.

==========

Step :step2:

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

==========

Step :step3:

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe (or jre-7u7-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

==========

Let me know if you had any trouble with the above steps! :thumbup2:

bloopie
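
A post-cleanup check for the three steps in the post above, as an added example that is not part of the original thread: it confirms that the files listed in DelFile.bat are gone and lists any Java or Adobe Reader/Acrobat entries still registered as installed. The function name and the name-matching pattern are assumptions of this example; the file paths are the ones from the batch file.

```powershell
# Added example (not from the thread): verify the cleanup after the reboot.
# Run it as the same user, from an elevated prompt: a folder that cannot be
# read may be reported as "not present" by Test-Path.
$flagged = @(   # paths copied from DelFile.bat; single quotes keep the $ literal
    'C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R00CTBX.exe',
    'C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R0DD3HL.exe',
    'C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R2CRQDM.exe',
    'C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$R5J7XBI.exe',
    'C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RSDDA4W.exe',
    'C:\$Recycle.Bin\S-1-5-21-3545251101-3526393743-1197341989-1000\$RUZ9KG3.exe',
    'C:\Users\Alex\Downloads\BestCodecsPackSetup.exe',
    'C:\Users\Alex\Downloads\epicbot.exe',
    'C:\Users\Alex\Downloads\Hot or Cold Predictor.zip',
    'C:\Users\Alex\Downloads\iLividSetup.exe',
    'C:\Users\Alex\Downloads\Runescape Gold Hack - 2012.rar'
)

# Hypothetical helper: one result row per path, with StillPresent = True/False.
function Test-FlaggedFileRemoved {
    param([string[]]$Path)
    foreach ($p in $Path) {
        New-Object PSObject -Property @{
            Path         = $p
            StillPresent = (Test-Path -LiteralPath $p)   # -LiteralPath: no wildcard parsing
        } | Select-Object Path, StillPresent
    }
}

# Installed-program entries live under the Uninstall keys; the WOW6432Node key
# holds 32-bit programs on 64-bit Windows and does not exist on 32-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$runtimes = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java|Adobe Reader|Acrobat' } |   # assumed name pattern
    Select-Object DisplayName, DisplayVersion |
    Sort-Object DisplayName

"Flagged files still on disk:"
Test-FlaggedFileRemoved -Path $flagged | Where-Object { $_.StillPresent } | Format-Table -AutoSize
"Java / Adobe Reader entries still installed:"
$runtimes | Format-Table -AutoSize
```

An empty first table means every flagged file was removed; the second table should show only the versions that were just installed.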

#9 FormerAgentOfDeath


Posted 02 January 2013 - 07:56 PM

Ran the batch file to remove trash found by ESET. Successfully removed old versions of Adobe Reader and Java. Installed latest versions of Adobe Reader and JRE.

#10 bloopie


Posted 02 January 2013 - 08:35 PM

Good work! :clapping:

Is there anything else I should know about at this point, or are we done here?

Everything running okay? :)

bloopie

#11 FormerAgentOfDeath


Posted 02 January 2013 - 08:38 PM

Everything seems to be running fine. Thanks so much for your assistance.

#12 bloopie


Posted 02 January 2013 - 09:07 PM

Glad we could help! :thumbup2:

Safe surfing and best of regards,

bloopie :)



