Need assistance with PUP.Crossfire.SA removal


  • This topic is locked
14 replies to this topic

#1 traptack


Posted 12 January 2013 - 11:24 AM

I ran a quick scan on malware antimalware today and two things popped up, both named PUP.CrossFire.SA, one a registry value, and a key.
I did a search online and read that simply removing them from malware wasn't actually good enough, it wouldn't permanently terminate them?

I don't know how long till I get a response, but I will be removing the two threats with malware antimalware in 8-12 hours, so if you see this, at least tell me if I shouldn't.

If this type of question has already been answered and I share similar symptoms, please do redirect me to a recently solved thread to save you some time, thanks.
**update, I just removed them on malware, not sure if they are completely gone of course
______________________________________________________________________________________________________________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Anthony at 8:14:42 on 2013-01-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.5274 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\LockKey\LockKey.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6}\25564664C616D696E676F6 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6}\45A46353C4 : DHCPNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6}\478656F5265616E6562797 : DHCPNameServer = 10.1.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\
FF - prefs.js: browser.startup.homepage - hxxp://smart-homepage.blogspot.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-9921204958649638:9045185518&ie=UTF-8&sa=Search&ref=pagecode.blogspot.com&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-13 16:19; {e36db930-f18d-4449-b45f-e286cfb9e03a}; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
FF - ExtSQL: 2012-11-22 13:30; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-11-29 02:43; anttoolbar@ant.com; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\anttoolbar@ant.com
FF - ExtSQL: 2012-12-20 20:08; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF - ExtSQL: 2013-01-01 22:26; toolbar@ask.com; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-01-09 21:12; crossriderapp4493@crossrider.com; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\crossriderapp4493@crossrider.com
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\Windows\System32\drivers\fbfmon.sys [2012-9-23 57952]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-8 19264]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-9-23 39008]
R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-9-23 24160]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-8 30648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-2 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-7 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-7 370288]
R1 BPntDrv;BPntDrv;C:\Windows\System32\drivers\BPntDrv.sys [2012-9-23 13408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-10 283200]
R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-9-23 59488]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-7 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-7 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-8 44808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-23 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-23 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-6-21 69640]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2012-11-27 5414184]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-23 363800]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-8 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-8 789824]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-13 104048]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2012-9-23 8208488]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2012/09/23 04:42:18;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-9-23 120160]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-9-23 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-9-23 615976]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-9-23 39976]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-11-10 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-11 13728]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-12-11 81312]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-11-27 18216]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-12-11 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-10 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-6-21 216072]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-11 14:53:22 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73E9D19C-EB32-4D65-9724-1877D8A30C49}\mpengine.dll
2013-01-10 05:12:50 99384 ----a-w- C:\Users\Anthony\AppData\Roaming\inst.exe
2013-01-10 05:12:50 82816 ----a-w- C:\Users\Anthony\AppData\Roaming\pcouffin.sys
2013-01-10 05:12:43 -------- d-----w- C:\ProgramData\VSO
2013-01-10 05:12:43 -------- d-----w- C:\Program Files (x86)\VSO
2013-01-10 05:12:18 -------- d-----w- C:\Users\Anthony\AppData\Local\Coupon Companion
2013-01-10 05:12:15 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2013-01-09 22:14:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 22:14:54 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-08 05:38:18 -------- d-----w- C:\Windows\PCHEALTH
2013-01-08 05:36:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-01-08 05:35:44 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-01-08 00:10:55 -------- d-----w- C:\Users\Anthony\AppData\Roaming\SSH
2013-01-08 00:09:55 -------- d-----w- C:\Program Files (x86)\SSH Communications Security
2013-01-05 00:19:18 -------- d-----w- C:\Users\Anthony\AppData\Local\VMware
2013-01-05 00:17:35 63128 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-01-05 00:17:08 354456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-01-05 00:17:00 433816 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-01-05 00:17:00 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-01-05 00:16:56 942744 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-01-05 00:16:54 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-01-05 00:16:54 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-01-05 00:16:26 -------- d-----w- C:\Program Files (x86)\VMware
2013-01-05 00:16:26 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-01-05 00:16:14 -------- d-----w- C:\Program Files\Common Files\VMware
2013-01-03 19:49:10 -------- d-----w- C:\Users\Anthony\AppData\Local\SWTOR
2013-01-03 16:34:18 -------- d-----w- C:\Program Files (x86)\THQ
2013-01-03 06:11:43 -------- d-----w- C:\Users\Anthony\AppData\Local\NBGI
2013-01-03 02:43:53 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-01-03 02:43:53 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-01-03 02:43:52 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-01-03 02:43:52 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-01-03 02:43:52 -------- d-----w- C:\Program Files (x86)\OpenAL
2013-01-03 02:43:14 -------- d-----w- C:\Program Files (x86)\Snapshot
2013-01-02 17:41:21 -------- d-----w- C:\Program Files (x86)\SlySoft
2013-01-02 14:52:30 -------- d-----w- C:\Program Files (x86)\Nero
2013-01-02 14:52:21 -------- d-----w- C:\ProgramData\Nero
2013-01-02 06:25:58 -------- d-----w- C:\Program Files (x86)\Ask.com
2013-01-02 01:23:01 -------- d-----w- C:\Users\Anthony\.MakeMKV
2013-01-02 01:16:59 -------- d-----w- C:\Users\Anthony\AppData\Roaming\HandBrake
2012-12-31 15:47:35 -------- d-----w- C:\Users\Anthony\AppData\Local\Programs
2012-12-28 21:08:13 -------- d-----w- C:\Users\Anthony\AppData\Local\Runic Games
2012-12-26 15:04:55 -------- d-----w- C:\PFS8.1 PE_TMP
2012-12-26 15:04:48 -------- d-----w- C:\ProgramData\Panasonic
2012-12-25 20:30:29 -------- d-----w- C:\Users\Anthony\AppData\Local\Panasonic
2012-12-25 20:28:27 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-12-25 20:28:27 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-12-25 20:28:26 71840 ----a-w- C:\Windows\SysWow64\EPPicMgr.dll
2012-12-25 20:28:26 120992 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-12-25 20:28:26 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-12-25 19:53:22 -------- d-----w- C:\Program Files (x86)\Common Files\Panasonic
2012-12-25 19:53:07 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-12-25 19:53:07 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-12-25 19:53:00 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-12-22 06:35:42 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 06:35:41 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 06:35:35 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 06:35:30 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 19:41:55 -------- d-----w- C:\Users\Anthony\AppData\Local\Solid State Networks
2012-12-21 19:41:19 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment
2012-12-16 19:28:38 -------- d-----w- C:\Users\Anthony\.thumbnails
2012-12-16 19:23:55 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-12-16 00:44:04 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Dwarfs
2012-12-16 00:42:40 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-12-14 04:58:27 -------- d-----w- C:\Users\Anthony\AppData\Local\CrashRpt
2012-12-14 04:57:06 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
.
==================== Find3M ====================
.
2013-01-09 05:49:21 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 05:49:21 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-29 08:40:10 559032 ----a-w- C:\Windows\SysWow64\oemdspif.dll
2012-12-29 08:40:09 997816 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 55736 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-14 05:26:53 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-14 05:26:53 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-14 05:25:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-14 05:25:37 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-05 05:50:07 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 21:30:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 05:08:16 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 02:30:28 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-11-14 22:45:34 1981824 ----a-w- C:\Windows\System32\Pen_Tablet.dll
2012-11-14 22:45:34 1974656 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
2012-11-14 22:45:34 1844096 ----a-w- C:\Windows\System32\Wintab32.dll
2012-11-14 22:45:34 1841024 ----a-w- C:\Windows\System32\WacomMT.dll
2012-11-14 22:45:32 1510272 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2012-11-14 22:45:32 1506176 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2012-11-14 22:45:30 1629056 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
2012-11-14 22:45:30 1621888 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-11 00:56:40 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 05:04:36 249496 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-01 04:32:10 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-11-01 04:32:10 48752 ----a-w- C:\Windows\System32\vnetinst.dll
2012-11-01 04:32:10 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-11-01 04:32:10 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-11-01 04:32:10 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 8:15:16.07 ===============


HERE'S THE MALWAREBYTES ANTI-MALWARE LOG AFTER HAVING "REMOVED" PUP.CROSSFIRE.SA
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]

1/12/2013 7:55:53 AM
mbam-log-2013-01-12 (07-55-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242592
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by traptack, 12 January 2013 - 11:42 AM.



#2 miekiemoes (Malware Response Team)

Posted 14 January 2013 - 04:34 AM

Hi,

You do have some other toolbars which aren't recommended either though, so please uninstall the following programs via add & remove programs:

Ask Toolbar
Coupon Companion
uTorrentControl_v2 Toolbar

Make sure Internet Explorer and Firefox are closed when you uninstall these.
Then reboot.

After the reboot, open Firefox and check whether any of the above are listed in your Firefox extensions, and uninstall them from there as well.

Once you've done this, please download, install and run AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
Let it remove what it finds.
This will remove any additional leftovers related to these toolbars.

Let me know if that solved your problem.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 traptack (Topic Starter)

Posted 14 January 2013 - 09:12 PM

Hey, thanks!
Here's the scan log from AdwCleaner.

And how will I know if it fixes the problem?


# AdwCleaner v2.105 - Logfile created 01/14/2013 at 18:06:33
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anthony - ANTHONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Anthony\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Anthony\AppData\Local\Conduit
Folder Found : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Anthony\AppData\LocalLow\Conduit
Folder Found : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\Anthony\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2658 octets] - [14/01/2013 18:06:33]

########## EOF - C:\AdwCleaner[R1].txt - [2718 octets] ##########



AdwCleaner log after the reboot/delete

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 18:38:21
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anthony - ANTHONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Anthony\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Anthony\AppData\Local\Conduit
Folder Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Anthony\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\Anthony\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2787 octets] - [14/01/2013 18:06:33]
AdwCleaner[R2].txt - [2847 octets] - [14/01/2013 18:10:48]
AdwCleaner[S1].txt - [2828 octets] - [14/01/2013 18:38:21]

########## EOF - C:\AdwCleaner[S1].txt - [2888 octets] ##########


Also, I ran TDSSKiller yesterday; here are the scans for that.



13:40:55.0487 0904 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
13:40:57.0498 0904 ============================================================
13:40:57.0498 0904 Current date / time: 2013/01/13 13:40:57.0498
13:40:57.0498 0904 SystemInfo:
13:40:57.0498 0904
13:40:57.0498 0904 OS Version: 6.1.7601 ServicePack: 1.0
13:40:57.0498 0904 Product type: Workstation
13:40:57.0498 0904 ComputerName: ANTHONY-PC
13:40:57.0498 0904 UserName: Anthony
13:40:57.0498 0904 Windows directory: C:\Windows
13:40:57.0498 0904 System windows directory: C:\Windows
13:40:57.0498 0904 Running under WOW64
13:40:57.0498 0904 Processor architecture: Intel x64
13:40:57.0498 0904 Number of processors: 8
13:40:57.0498 0904 Page size: 0x1000
13:40:57.0498 0904 Boot type: Normal boot
13:40:57.0498 0904 ============================================================
13:40:57.0818 0904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:40:57.0828 0904 ============================================================
13:40:57.0828 0904 \Device\Harddisk0\DR0:
13:40:57.0828 0904 MBR partitions:
13:40:57.0828 0904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
13:40:57.0828 0904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000
13:40:57.0828 0904 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000
13:40:57.0828 0904 ============================================================
13:40:57.0848 0904 C: <-> \Device\Harddisk0\DR0\Partition2
13:40:57.0898 0904 D: <-> \Device\Harddisk0\DR0\Partition3
13:40:57.0898 0904 ============================================================
13:40:57.0898 0904 Initialize success
13:40:57.0898 0904 ============================================================
13:41:06.0538 5988 ============================================================
13:41:06.0548 5988 Scan started
13:41:06.0548 5988 Mode: Manual; SigCheck; TDLFS;
13:41:06.0548 5988 ============================================================
13:41:06.0758 5988 ================ Scan system memory ========================
13:41:06.0758 5988 System memory - ok
13:41:06.0758 5988 ================ Scan services =============================
13:41:08.0908 5988 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:41:08.0908 5988 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
13:41:08.0908 5988 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
13:41:11.0168 5988 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:41:11.0178 5988 EFS - ok
13:41:11.0228 5988 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:41:11.0238 5988 ehRecvr - ok
13:41:11.0248 5988 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:41:11.0258 5988 ehSched - ok
13:41:11.0318 5988 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
13:41:11.0328 5988 ElbyCDIO - ok
13:41:11.0358 5988 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:41:11.0378 5988 elxstor - ok
13:41:11.0388 5988 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:41:11.0398 5988 ErrDev - ok
13:41:11.0408 5988 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:41:11.0438 5988 EventSystem - ok
13:41:11.0518 5988 [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:41:11.0528 5988 EvtEng - ok
13:41:11.0538 5988 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:41:11.0568 5988 exfat - ok
13:41:11.0578 5988 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:41:11.0598 5988 fastfat - ok
13:41:11.0638 5988 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:41:11.0648 5988 Fax - ok
13:41:11.0658 5988 [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon C:\Windows\system32\drivers\fbfmon.sys
13:41:11.0668 5988 fbfmon - ok
13:41:11.0678 5988 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
13:41:11.0688 5988 fdc - ok
13:41:11.0698 5988 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:41:11.0728 5988 fdPHost - ok
13:41:11.0748 5988 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:41:11.0768 5988 FDResPub - ok
13:41:11.0778 5988 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:41:11.0788 5988 FileInfo - ok
13:41:11.0798 5988 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:41:11.0818 5988 Filetrace - ok
13:41:11.0878 5988 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:41:11.0888 5988 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:41:11.0888 5988 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:41:20.0648 5988 SCardSvr - ok
13:41:20.0658 5988 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:41:20.0678 5988 scfilter - ok
13:41:20.0708 5988 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:41:20.0738 5988 Schedule - ok
13:41:20.0758 5988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:41:20.0788 5988 SCPolicySvc - ok
13:41:20.0808 5988 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:41:20.0818 5988 sdbus - ok
13:41:20.0838 5988 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:41:20.0848 5988 SDRSVC - ok
13:41:20.0878 5988 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:41:20.0898 5988 secdrv - ok
13:41:20.0908 5988 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:41:20.0938 5988 seclogon - ok
13:41:20.0958 5988 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:41:20.0978 5988 SENS - ok
13:41:21.0008 5988 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:41:21.0018 5988 SensrSvc - ok
13:41:21.0038 5988 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
13:41:21.0048 5988 Serenum - ok
13:41:21.0058 5988 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
13:41:21.0058 5988 Serial - ok
13:41:21.0078 5988 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:41:21.0088 5988 sermouse - ok
13:41:21.0098 5988 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:41:21.0128 5988 SessionEnv - ok
13:41:21.0128 5988 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:41:21.0138 5988 sffdisk - ok
13:41:21.0138 5988 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:41:21.0148 5988 sffp_mmc - ok
13:41:21.0158 5988 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:41:21.0168 5988 sffp_sd - ok
13:41:21.0168 5988 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:41:21.0178 5988 sfloppy - ok
13:41:21.0198 5988 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:41:21.0228 5988 SharedAccess - ok
13:41:21.0248 5988 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:41:21.0268 5988 ShellHWDetection - ok
13:41:21.0278 5988 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:41:21.0278 5988 SiSRaid2 - ok
13:41:21.0288 5988 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:41:21.0298 5988 SiSRaid4 - ok
13:41:21.0338 5988 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:41:21.0348 5988 SkypeUpdate - ok
13:41:21.0358 5988 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:41:21.0388 5988 Smb - ok
13:41:21.0398 5988 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:41:21.0408 5988 SNMPTRAP - ok
13:41:21.0418 5988 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:41:21.0428 5988 spldr - ok
13:41:21.0468 5988 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:41:21.0478 5988 Spooler - ok
13:41:21.0528 5988 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:41:21.0578 5988 sppsvc - ok
13:41:21.0588 5988 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:41:21.0618 5988 sppuinotify - ok
13:41:21.0628 5988 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:41:21.0648 5988 srv - ok
13:41:21.0648 5988 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:41:21.0658 5988 srv2 - ok
13:41:21.0668 5988 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:41:21.0678 5988 srvnet - ok
13:41:21.0698 5988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:41:21.0718 5988 SSDPSRV - ok
13:41:21.0728 5988 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:41:21.0748 5988 SstpSvc - ok
13:41:21.0768 5988 Steam Client Service - ok
13:41:21.0768 5988 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:41:21.0778 5988 stexstor - ok
13:41:21.0818 5988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:41:21.0838 5988 stisvc - ok
13:41:21.0848 5988 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:41:21.0848 5988 swenum - ok
13:41:21.0958 5988 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:41:21.0968 5988 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:41:21.0968 5988 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:41:24.0228 5988 [ 2466C720A6A0059FB71B7E7F3BF01A73 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
13:41:24.0238 5988 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
13:41:24.0238 5988 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
13:41:26.0688 5988 ================ Scan global ===============================
13:41:26.0708 5988 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:41:26.0738 5988 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
13:41:26.0738 5988 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
13:41:26.0768 5988 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:41:26.0788 5988 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:41:26.0788 5988 [Global] - ok
13:41:26.0788 5988 ================ Scan MBR ==================================
13:41:26.0808 5988 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:41:27.0208 5988 \Device\Harddisk0\DR0 - ok
13:41:27.0208 5988 ================ Scan VBR ==================================
13:41:27.0208 5988 [ 9831CA23EA975EB497C1BCC45AF02240 ] \Device\Harddisk0\DR0\Partition1
13:41:27.0208 5988 \Device\Harddisk0\DR0\Partition1 - ok
13:41:27.0238 5988 [ B618B5A74A14173CD309A26C1B3C7AFA ] \Device\Harddisk0\DR0\Partition2
13:41:27.0238 5988 \Device\Harddisk0\DR0\Partition2 - ok
13:41:27.0268 5988 [ 6D6F43406F860AD67DC471F72A729723 ] \Device\Harddisk0\DR0\Partition3
13:41:27.0268 5988 \Device\Harddisk0\DR0\Partition3 - ok
13:41:27.0268 5988 ============================================================
13:41:27.0268 5988 Scan finished
13:41:27.0268 5988 ============================================================
13:41:27.0278 7476 Detected object count: 4
13:41:27.0278 7476 Actual detected object count: 4
13:41:56.0188 7476 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - copied to quarantine
13:41:56.0198 7476 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:56.0248 7476 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
13:41:56.0258 7476 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:56.0278 7476 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
13:41:56.0288 7476 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:56.0308 7476 C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe - copied to quarantine
13:41:56.0308 7476 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
13:41:58.0468 6312 Deinitialize success

Edited by traptack, 14 January 2013 - 09:50 PM.


#4 miekiemoes

  • Malware Response Team

Posted 15 January 2013 - 01:04 AM

Hi,

This looks OK again.

Can you post a new DDS log as a final check for leftovers?

#5 traptack

  • Topic Starter

Posted 15 January 2013 - 01:14 AM

Hi,

This looks OK again.

Can you post a new DDS log as a final check for leftovers?


What do you mean by "ok"? I noticed you capitalized it.

Here's the updated DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Anthony at 22:11:56 on 2013-01-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.4946 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\LockKey\LockKey.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6}\25564664C616D696E676F6 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6}\45A46353C4 : DHCPNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{7CDE28F9-7238-425D-8825-7DC219E228B6}\478656F5265616E6562797 : DHCPNameServer = 10.1.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\
FF - prefs.js: browser.startup.homepage - hxxp://smart-homepage.blogspot.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-9921204958649638:9045185518&ie=UTF-8&sa=Search&ref=pagecode.blogspot.com&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-22 13:30; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-11-29 02:43; anttoolbar@ant.com; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\anttoolbar@ant.com
FF - ExtSQL: 2012-12-20 20:08; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\74d47cvh.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\Windows\System32\drivers\fbfmon.sys [2012-9-23 57952]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-8 19264]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-9-23 39008]
R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-9-23 24160]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-8 30648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-2 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-7 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-7 370288]
R1 BPntDrv;BPntDrv;C:\Windows\System32\drivers\BPntDrv.sys [2012-9-23 13408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-10 283200]
R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-9-23 59488]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-7 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-7 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-8 44808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-23 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-23 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-6-21 69640]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2012-11-27 5414184]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-23 363800]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-8 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-8 789824]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-13 104048]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2012-9-23 8208488]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2012/09/23 04:42:18;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-9-23 120160]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-9-23 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-9-23 615976]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-9-23 39976]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-11-10 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-12-11 13728]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-12-11 81312]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-11-27 18216]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-12-11 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-10 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-6-21 216072]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-14 04:55:16 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-13 21:32:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-11 14:53:22 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73E9D19C-EB32-4D65-9724-1877D8A30C49}\mpengine.dll
2013-01-10 05:12:50 99384 ----a-w- C:\Users\Anthony\AppData\Roaming\inst.exe
2013-01-10 05:12:50 82816 ----a-w- C:\Users\Anthony\AppData\Roaming\pcouffin.sys
2013-01-10 05:12:43 -------- d-----w- C:\ProgramData\VSO
2013-01-10 05:12:43 -------- d-----w- C:\Program Files (x86)\VSO
2013-01-10 05:12:18 -------- d-----w- C:\Users\Anthony\AppData\Local\Coupon Companion
2013-01-10 05:12:15 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2013-01-09 22:14:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 22:14:54 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-08 05:38:18 -------- d-----w- C:\Windows\PCHEALTH
2013-01-08 05:36:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-01-08 05:35:44 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-01-08 00:10:55 -------- d-----w- C:\Users\Anthony\AppData\Roaming\SSH
2013-01-08 00:09:55 -------- d-----w- C:\Program Files (x86)\SSH Communications Security
2013-01-05 00:19:18 -------- d-----w- C:\Users\Anthony\AppData\Local\VMware
2013-01-05 00:17:35 63128 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-01-05 00:17:08 354456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-01-05 00:17:00 433816 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-01-05 00:17:00 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-01-05 00:16:56 942744 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-01-05 00:16:54 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-01-05 00:16:54 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-01-05 00:16:26 -------- d-----w- C:\Program Files (x86)\VMware
2013-01-05 00:16:26 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-01-05 00:16:14 -------- d-----w- C:\Program Files\Common Files\VMware
2013-01-03 19:49:10 -------- d-----w- C:\Users\Anthony\AppData\Local\SWTOR
2013-01-03 16:34:18 -------- d-----w- C:\Program Files (x86)\THQ
2013-01-03 06:11:43 -------- d-----w- C:\Users\Anthony\AppData\Local\NBGI
2013-01-03 02:43:53 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-01-03 02:43:53 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-01-03 02:43:52 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-01-03 02:43:52 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-01-03 02:43:52 -------- d-----w- C:\Program Files (x86)\OpenAL
2013-01-03 02:43:14 -------- d-----w- C:\Program Files (x86)\Snapshot
2013-01-02 17:41:21 -------- d-----w- C:\Program Files (x86)\SlySoft
2013-01-02 14:52:30 -------- d-----w- C:\Program Files (x86)\Nero
2013-01-02 14:52:21 -------- d-----w- C:\ProgramData\Nero
2013-01-02 01:23:01 -------- d-----w- C:\Users\Anthony\.MakeMKV
2013-01-02 01:16:59 -------- d-----w- C:\Users\Anthony\AppData\Roaming\HandBrake
2012-12-31 15:47:35 -------- d-----w- C:\Users\Anthony\AppData\Local\Programs
2012-12-28 21:08:13 -------- d-----w- C:\Users\Anthony\AppData\Local\Runic Games
2012-12-26 15:04:55 -------- d-----w- C:\PFS8.1 PE_TMP
2012-12-26 15:04:48 -------- d-----w- C:\ProgramData\Panasonic
2012-12-25 20:30:29 -------- d-----w- C:\Users\Anthony\AppData\Local\Panasonic
2012-12-25 20:28:27 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-12-25 20:28:27 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-12-25 20:28:26 71840 ----a-w- C:\Windows\SysWow64\EPPicMgr.dll
2012-12-25 20:28:26 120992 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-12-25 20:28:26 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-12-25 19:53:22 -------- d-----w- C:\Program Files (x86)\Common Files\Panasonic
2012-12-25 19:53:07 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-12-25 19:53:07 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-12-25 19:53:00 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-12-22 06:35:42 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 06:35:41 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 06:35:35 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 06:35:30 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 19:41:55 -------- d-----w- C:\Users\Anthony\AppData\Local\Solid State Networks
2012-12-21 19:41:19 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment
2012-12-16 19:28:38 -------- d-----w- C:\Users\Anthony\.thumbnails
2012-12-16 19:23:55 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
.
==================== Find3M ====================
.
2013-01-09 05:49:21 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 05:49:21 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-29 08:40:10 559032 ----a-w- C:\Windows\SysWow64\oemdspif.dll
2012-12-29 08:40:09 997816 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 55736 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-14 05:26:53 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-14 05:26:53 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-14 05:25:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-14 05:25:37 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-05 05:50:07 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 21:30:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 05:08:16 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 02:30:28 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-11-14 22:45:34 1981824 ----a-w- C:\Windows\System32\Pen_Tablet.dll
2012-11-14 22:45:34 1974656 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll
2012-11-14 22:45:34 1844096 ----a-w- C:\Windows\System32\Wintab32.dll
2012-11-14 22:45:34 1841024 ----a-w- C:\Windows\System32\WacomMT.dll
2012-11-14 22:45:32 1510272 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2012-11-14 22:45:32 1506176 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2012-11-14 22:45:30 1629056 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
2012-11-14 22:45:30 1621888 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-11 00:56:40 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 05:04:36 249496 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-01 04:32:10 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-11-01 04:32:10 48752 ----a-w- C:\Windows\System32\vnetinst.dll
2012-11-01 04:32:10 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-11-01 04:32:10 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-11-01 04:32:10 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 22:12:30.82 ===============


#6 miekiemoes

Posted 15 January 2013 - 01:36 AM

Hi,

what do you mean by "ok" ? I noticed you capitalized it.

I meant that nothing strange is present anymore :)

Just some leftovers to deal with here.

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Make sure your Internet Explorer is closed. Then, double-click on fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Then, in your Firefox, please restore everything to the default settings. See here how to do this: http://www.howtogeek.com/howto/internet/firefox/restore-the-default-settings-in-firefox-without-uninstalling-it/

Then, navigate to and delete the following folders:

C:\Users\Anthony\AppData\Local\Coupon Companion
C:\Program Files (x86)\Coupon Companion

In case you can't find these folders, please make sure your hidden files and folders are shown. See here how to do this: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Let me know in your next reply how everything is going now.

Sidenote - what you were dealing with is a PUP. This means potentially unwanted program. The PUPs you had were harmless though, so there's nothing to worry about here. It's mainly additional software (toolbars) that comes installed with other software. This is why I can't stress enough how important it is that people read the EULA and install screens when they install software. The additional toolbars are often listed there and you can actually uncheck them during install.
Also see here: http://miekiemoes.blogspot.be/2012/01/unwanted-toolbars.html

Edited by miekiemoes, 15 January 2013 - 01:36 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 traptack

Posted 15 January 2013 - 01:43 AM

what does the copy/paste regedit 4 thing do?
what problems does it address/fix? (I'm just curious)
:)
but okay I'll keep all those in mind, and I'll update you in a little while when I've made all those changes.

Also I read that one shouldn't be using the internet when having PUPs? or is that something else I'm thinking about? And how do I know if someone has found a backdoor, and hitched a ride on my pc?
thanks!

#8 miekiemoes

Posted 15 January 2013 - 01:54 AM

The regedit fix will delete some orphaned entries in the registry related to Crossfire and restore the default URLSearchHook again. It also sets the Default_Page_URL to normal Google again (since yours was a "redirected version").

Also I read that one shouldn't be using the internet when having PUPs? or is that something else I'm thinking about? And how do I know if someone has found a backdoor, and hitched a ride on my pc?
thanks!

No, don't worry about that - as I said, a PUP is a harmless piece of software (in most cases an additional toolbar) which is often installed since people don't read install screens and don't uncheck these there. It's just rather additional clutter you install, which makes it unwanted for most users - hence the name PUP (potentially unwanted program).
This is the reason why not many Antivirus vendors detect these, because they aren't malicious. As for backdoors, your traditional Antivirus should detect these anyway (if up to date). I do not see any traces of backdoors or whatever in your logs here :)
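
Before merging a .reg file that someone hands you, it helps to list exactly what it will change. The following is an added example, not part of the original posts: it parses the fix.reg text from this thread and returns each key deletion and value write in file order. The names `review_reg` and `destructive` are made up here, and the parser assumes already-decoded text in REGEDIT4 or version 5.00 format.

```python
import re

# fix.reg exactly as posted in this thread, embedded so the example runs offline.
FIX_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data


def review_reg(text):
    """List, in file order, every change a .reg file makes when merged.

    Returns tuples: ("delete_key", key), ("open_key", key) for create-or-open,
    ("delete_value", key, name) or ("set_value", key, name, raw_data).
    """
    lines = text.replace("\\\n", "").splitlines()  # join hex: continuation lines
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    ops, key = [], None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):       # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            deleting, name = m.group(1) == "-", m.group(2)
            key = None if deleting else name       # a value after [-KEY] is rejected below
            ops.append(("delete_key" if deleting else "open_key", name))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unexpected line outside an open key: {line!r}")
        name = "(Default)" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
        data = m.group(2).strip()
        ops.append(("delete_value", key, name) if data == "-" else ("set_value", key, name, data))
    return ops


def destructive(ops):
    """Only the operations that remove data; review these before merging."""
    return [op for op in ops if op[0].startswith("delete_")]
```

`destructive(review_reg(FIX_REG))` returns the two `[-...]` key deletions, which are the entries to compare against the scan log before double-clicking the file.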

#9 traptack

Posted 15 January 2013 - 02:15 AM

oh okay :)
well I made the changes, I believe that Firefox has been restored to default settings. HOWEVER bookmarks are still there, and the geek guide link that you provided is probably not up to date with today's current version of Firefox :b. All my plugins are still there/enabled, and my extensions are all disabled. What is the reason for having me reset Firefox back to default? :o and is it okay if I go back and enable some of my extensions?

okay sounds good, thank you so much! (: I really appreciate your time and effort with helping me out with this little mess.
I suppose Avast antivirus and Malware antimalware is enough.

do you teach other people stuff like this? how to diagnose/repair/look for traces of backdoors, etc? I'd love to learn sometime.

anyhow thanks! I'll probably update this thread with another DDS scan a few days from now, just in case. :)

#10 miekiemoes

Posted 15 January 2013 - 02:26 AM

Hi,

The plugins are not affected by this - only the extensions. Yes, you can enable the extensions again that you use/need. The ones you don't need, you can uninstall.
The reason why I asked to reset your Firefox to default is that these PUPs also altered some settings there. Firefox doesn't use the registry to store these settings, but stores them in .js files present in the Firefox folder under your programdata. So the easiest way to set it back to default is the way I explained :)

I suppose Avast antivirus and Malware antimalware is enough.

Yes, that combo is great.

do you teach other people stuff like this? how to diagnose/repair/look for traces of backdoors,etc? i'd love to learn sometime.

Yes, I teach people this stuff, but it comes with a lot of practice and experience as well. The best way to learn from this is to look at other logs and see what the helpers ask to remove. That way, you start to see a pattern and it will become easier to distinguish malware-related entries from others (legitimate entries).
There are some bootcamps that teach you this: http://library.techguy.org/wiki/Become_Authorized_for_Malware_Removal

#11 traptack

Posted 15 January 2013 - 10:32 AM

oh okay!
was Firefox fully reset though? I mean bookmarks weren't affected, because in that geek guide to resetting Firefox to default settings, it said that bookmarks would have all been removed.
but all right gotcha!

thank you

and that sounds good, I'm curious as to what I need to look for in all these scan logs/DDS. Such as when I asked about any backdoor malicious activity and you said (just by looking at my logs) found no traces :)
Thank you!


***oh and what's the deal with TDSSKiller?
I ran a scan and three things came up, they were just listed as suspicious I think, putting them in quarantine is fine?

Edited by traptack, 15 January 2013 - 11:23 AM.


#12 miekiemoes

Posted 15 January 2013 - 11:44 AM

Hi,

TDSSKiller also uses generic detections, hence why these files were marked as suspicious. In this case, it looks like it marked them because the files weren't signed. This doesn't mean they are malware.
This is why we never ask users (when they run TDSSKiller) to quarantine the suspicious files - because they need to be reviewed first.

The following ones are the ones that were copied to quarantine:

13:41:56.0188 7476 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - copied to quarantine
13:41:56.0248 7476 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
13:41:56.0278 7476 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
13:41:56.0308 7476 C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe - copied to quarantine

They are legitimate files but not critical. I don't know if TDSSKiller actually deleted the files from their original location, because it said here it copied them to quarantine.
If it removed them from the original location, it should rather say: moved to quarantine. So the best way to check is whether the files above are still present in their original location (they should be).

Edited by miekiemoes, 15 January 2013 - 11:45 AM.

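
The check recommended in the post above, as an added example that is not part of the original thread: it pulls the quarantine lines out of the TDSSKiller log and reports whether each original file is still on disk. The function names are made up here, and the `moved` wording is what the post expects for a real removal, not a string confirmed from TDSSKiller output.

```python
import os
import re

# Log lines quoted in the post above, embedded so the example runs offline.
TDSS_LOG = r'''13:41:56.0188 7476 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - copied to quarantine
13:41:56.0248 7476 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
13:41:56.0278 7476 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - copied to quarantine
13:41:56.0308 7476 C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe - copied to quarantine
'''

# timestamp, one numeric column (kept unnamed), full path, then the action.
# "moved" is an assumed wording taken from the post, not from the tool.
ENTRY_RE = re.compile(
    r'^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+\d+\s+(?P<path>[A-Za-z]:\\.+?)'
    r'\s+-\s+(?P<action>copied|moved) to quarantine\s*$', re.IGNORECASE)


def quarantine_entries(log_text):
    """Return (time, path, action) for each quarantine line; other lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m["time"], m["path"], m["action"].lower()))
    return found


def triage(entries, exists=os.path.exists):
    """Map each quarantined path to a verdict based on whether the original is on disk.

    `exists` is injectable so the logic can be exercised away from the affected PC.
    """
    verdicts = {}
    for _time, path, action in entries:
        if exists(path):
            verdicts[path] = "original present, nothing to restore"
        elif action == "copied":
            verdicts[path] = "logged as copied but original is missing: restore it"
        else:
            verdicts[path] = "moved out: restore from quarantine if legitimate"
    return verdicts
```

Run on the affected machine, `triage(quarantine_entries(TDSS_LOG))` uses the real file system; any path reported as missing is a legitimate service binary that needs restoring from quarantine.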

#13 traptack

Posted 15 January 2013 - 12:10 PM

so in short, just ignore it?

thanks :)

#14 miekiemoes

Posted 15 January 2013 - 12:12 PM

Yep :)

#15 miekiemoes

Posted 19 January 2013 - 01:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.