
HELP PLS! Suspect BIOS Rootkit w/ Poss. Peripheral FirmWare Flash? Mebromi/Rakshasa var?


  • This topic is locked
16 replies to this topic

#1 theashesstir


Posted 17 January 2013 - 08:19 PM

After repeated installs I'm seeing things like numerous connections, established and listening, attributed to System Process when no network applications are online: listening, time-wait, or established w/ packet data, using TCPv6 when it is unchecked on all network adaptors under NCPA.CPL NIC properties.
On another compromised machine, a Win7 Home Premium Group Policy Service (for AD - not available w/ Win Home) was started as a hidden non-PnP service/driver @ boot. Event logs used to show updates in policy when machine NIC unplugged and wifi hardware switched off.
Tried blind flash of BIOS. On reboot the screen didn't POST for >30 seconds w/ intermittent beep, then restarted to a blank screen and cursor blinking maybe 20s w/ 3 carriage returns (reflashing BIOS from peripheral firmware? then expanding minimal image via iSCSI? That's a service that seems to be mostly always on too). Don't much trust my McAfee as its install process was completely diff from other machines w/ same version. No prompt for license. Scans happen too quick. etc. etc. etc.

Pls Advise:

DDS.TXT:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by user-admin at 16:58:57 on 2013-01-17
#Option Extended Search is enabled.
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.16331.13763 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Sound Blaster Recon3Di Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{49A40630-47DC-4820-9DA1-86BB714977F2} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{4DE6004E-0475-4394-8497-551AD02F9792} : DHCPNameServer = 208.67.222.222 208.67.220.220
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user-admin\AppData\Roaming\Mozilla\Firefox\Profiles\e162kxyu.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - ExtSQL: 2013-01-16 12:08; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-01-16 21:03; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\user-admin\AppData\Roaming\Mozilla\Firefox\Profiles\e162kxyu.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-16 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 339776]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-1-16 22128]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-2-9 14664]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 CtHdaSvc;Sound Core3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2013-1-16 122880]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-16 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-16 2439272]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-16 161560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-1-16 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-1-16 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-1-16 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-1-16 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-1-16 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-16 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-16 177680]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-16 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-16 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-16 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-25 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-16 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-1-16 69672]
R3 cthda;Sound Core3D(CtHda.sys);C:\Windows\System32\drivers\CtHda.sys [2013-1-16 1052760]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-1-16 196440]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-16 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-16 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-1-16 108656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-1-16 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-1-16 515528]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-1-16 340584]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-1-16 67184]
S2 0305431358400894mcinstcleanup;McAfee Application Installer Cleanup (0305431358400894);C:\Windows\TEMP\030543~1.EXE -cleanup -nolog --> C:\Windows\TEMP\030543~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-1-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-1-16 79360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-1-16 106112]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-16 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-16 1255736]
.
=============== Created Last 60 ================
.
2013-01-17 22:46:16 -------- d-----w- C:\Program Files (x86)\Steam
2013-01-17 22:46:16 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-01-16 23:11:57 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-01-16 21:57:55 -------- d-----w- C:\Windows\PCHEALTH
2013-01-16 21:55:59 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-01-16 21:55:59 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-01-16 21:55:44 -------- d-----w- C:\Users\user-admin\AppData\Local\Microsoft Help
2013-01-16 21:50:06 -------- d-----w- C:\Users\user-admin\AppData\Local\Google
2013-01-16 21:47:18 -------- d-----w- C:\Program Files\Paint.NET
2013-01-16 21:47:13 -------- d-----w- C:\Users\user-admin\AppData\Local\Paint.NET
2013-01-16 21:46:40 -------- d-----w- C:\Program Files (x86)\GPLGS
2013-01-16 21:44:22 87152 ----a-w- C:\Windows\System32\cpwmon64.dll
2013-01-16 21:44:22 -------- d-----w- C:\Program Files (x86)\Acro Software
2013-01-16 21:35:19 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-01-16 21:17:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-16 21:16:58 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-16 21:16:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-16 21:16:31 -------- d-----w- C:\Users\user-admin\AppData\Local\Programs
2013-01-16 20:52:41 -------- d-----w- C:\Program Files\Alienware
2013-01-16 20:51:29 -------- d-----w- C:\Users\user-admin\AppData\Local\Downloaded Installations
2013-01-16 20:45:40 902656 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-16 20:45:40 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-16 20:45:40 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-16 20:38:09 -------- d-----w- C:\Windows\SysWow64\Wat
2013-01-16 20:38:09 -------- d-----w- C:\Windows\System32\Wat
2013-01-16 20:25:32 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-16 20:25:32 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-16 20:25:32 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-16 20:25:32 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-16 20:19:41 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-01-16 20:17:30 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-01-16 20:17:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-16 20:17:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-16 20:17:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-16 20:17:30 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-16 20:17:30 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-01-16 20:17:15 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-01-16 20:17:15 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-01-16 20:17:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-01-16 20:17:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-01-16 20:17:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-01-16 20:17:15 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-01-16 20:17:15 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-01-16 20:16:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-01-16 20:16:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-01-16 20:16:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-01-16 20:16:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-01-16 20:16:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-01-16 20:14:12 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-16 20:13:52 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-01-16 20:12:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-16 20:11:59 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-16 20:06:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2013-01-16 20:06:01 -------- d-----w- C:\Users\user-admin\AppData\Roaming\Intel Corporation
2013-01-16 19:59:19 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-01-16 19:59:03 -------- d-----w- C:\Program Files (x86)\McAfee.com
2013-01-16 19:59:00 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-01-16 19:59:00 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2013-01-16 19:58:58 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-01-16 19:58:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-01-16 19:58:58 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-01-16 19:58:58 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-01-16 19:58:57 -------- d-----w- C:\Program Files\Common Files\McAfee
2013-01-16 19:58:56 -------- d-----w- C:\Program Files\McAfee.com
2013-01-16 19:58:56 -------- d-----w- C:\Program Files\McAfee
2013-01-16 19:58:55 -------- d-----w- C:\Program Files (x86)\McAfee
2013-01-16 19:53:42 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2013-01-16 19:49:50 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-01-16 19:49:50 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-01-16 19:49:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-01-16 19:47:52 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-01-16 19:47:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-01-16 19:47:51 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-01-16 19:47:51 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-01-16 19:41:58 -------- d-----w- C:\Windows\SysWow64\sda
2013-01-16 19:41:55 9888872 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2013-01-16 19:41:55 340584 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2013-01-16 19:41:55 -------- d-----w- C:\Program Files (x86)\Realtek
2013-01-16 19:41:14 22128 ----a-w- C:\Windows\System32\drivers\stdcfltn.sys
2013-01-16 19:41:06 67184 ----a-w- C:\Windows\System32\drivers\ST_ACCEL.sys
2013-01-16 19:41:06 65136 ----a-w- C:\Windows\System32\stdcfltnco02.dll
2013-01-16 19:41:06 -------- d-----w- C:\Program Files\STMicroelectronics
2013-01-16 19:41:01 -------- d-----w- C:\Program Files (x86)\ST Microelectronics
2013-01-16 19:40:13 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2013-01-16 19:39:55 -------- d-----w- C:\ProgramData\XP32
2013-01-16 19:39:55 -------- d-----w- C:\ProgramData\Win764
2013-01-16 19:39:55 -------- d-----w- C:\ProgramData\Win732
2013-01-16 19:39:55 -------- d-----w- C:\ProgramData\Vista64
2013-01-16 19:39:55 -------- d-----w- C:\ProgramData\Vista32
2013-01-16 19:39:45 -------- d-----w- C:\Program Files (x86)\Alienware On-Screen Display
2013-01-16 19:39:31 -------- d-----w- C:\Windows\Downloaded Installations
2013-01-16 19:37:47 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2013-01-16 19:37:40 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2013-01-16 19:37:40 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2013-01-16 19:37:39 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2013-01-16 19:37:19 -------- d-----w- C:\Program Files\Synaptics
2013-01-16 19:36:55 68880 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2013-01-16 19:36:55 392464 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2013-01-16 19:36:55 224528 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2013-01-16 19:36:55 113936 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2013-01-16 19:36:54 707856 ----a-w- C:\Windows\System32\SynCOM.dll
2013-01-16 19:36:54 280336 ----a-w- C:\Windows\System32\SynCtrl.dll
2013-01-16 19:36:54 229648 ----a-w- C:\Windows\System32\SynTPAPI.dll
2013-01-16 19:36:54 150800 ----a-w- C:\Windows\System32\SynTPCo9.dll
2013-01-16 19:36:54 1048576 ----a-w- C:\Windows\System32\syndata.bin
2013-01-16 19:36:53 425232 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2013-01-16 19:35:20 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-01-16 19:35:08 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-01-16 19:34:21 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-01-16 19:34:16 -------- d-----w- C:\Intel
2013-01-16 19:30:38 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
2013-01-16 19:30:24 108656 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2013-01-16 19:29:38 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-01-16 19:29:31 -------- d-----w- C:\Users\user-admin\AppData\Roaming\Intel
2013-01-16 19:29:25 -------- d-----w- C:\Users\user-admin\Roaming
2013-01-16 19:29:25 -------- d-----w- C:\ProgramData\Roaming
2013-01-16 19:28:51 -------- d-----w- C:\Program Files\Common Files\Intel
2013-01-16 19:28:51 -------- d-----w- C:\Program Files (x86)\Cisco
2013-01-16 19:27:02 -------- d-sh--w- C:\Windows\Installer
2013-01-16 19:27:01 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-01-16 19:27:00 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-16 19:27:00 63296 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-16 19:27:00 6087488 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-16 19:27:00 3092288 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-16 19:27:00 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-16 19:27:00 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-16 19:25:35 -------- d-----w- C:\Dell
2013-01-16 19:18:20 -------- d-----w- C:\Windows\Panther
2013-01-16 19:17:58 -------- d-----w- C:\Windows\System32\OEM
2013-01-16 19:17:58 -------- d-----w- C:\Hotfix
2013-01-16 19:17:58 -------- d-----w- C:\Drivers
.
==================== Find6M ====================
.
2013-01-16 19:33:39 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-01-16 19:33:39 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-01-16 19:33:39 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-01-16 19:33:39 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-09 14:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-11-09 14:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-11-09 14:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-31 23:10:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2012-10-31 23:10:00 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-10-31 23:10:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-10-31 23:10:00 158536 ----a-w- C:\Windows\System32\atl100.dll
2012-10-31 23:10:00 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:08:26 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
.
============= FINISH: 16:59:19.96 ===============

#2 HelpBot

Posted 22 January 2013 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/482130 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 theashesstir

Posted 24 January 2013 - 03:00 AM

Notes: Upon doing some extensive research I've found a few people on other boards who describe near-identical symptoms to mine. There's clearly a rootkit, if not multiple. I've understood that it's a newer, more persistent version of TDL-4 / Alureon + Mebromi possibly... From the initial point of infection the malware appears to download and install other malware/firmwares, keyloggers, redirects.

I can also confirm the infection is platform independent. I have booted from Ubuntu, Knoppix, and Mint Linux Live CDs as well as Parted Magic, Hiren's etc., and the Live OSes, both Linux and Tiny XP based, while initially more resilient, eventually become fully compromised. Another interesting point is that my traceroutes all always time out on the first hop, something that leads me to suspect, along with the SSL issues (certs belonging to the wrong sites, certs that are years expired, or have been revoked) being used. ... and other fun stuff like that.

I have invalid and suspicious SSL certificates in the stores of all of my machines. There appears to be a hijacking of Windows Update that happens at some points, and not at others. If I try to download, install or run certain tools (ComboFix, PCI Scope, TDSS among others) it's usually a battle. Sometimes the checksum is wrong by the time the download is complete. Sometimes it tells me upon completing the download that the location cannot be saved to. Other times it tells me I lack the permissions for the folder, which could be my downloads folder, drive root, or Desktop. Even though I am the local admin I often cannot take ownership of the folder. The same applies for some reg keys. Other times I'll download the Sysinternals suite .zip from TechNet, for example. I'll extract it to a folder on my desktop. The contents are usually initially there. I'll run a few, do something else, and 15 minutes later I'll return to the folder and all the .exe's are gone. Blindly running ComboFix does seem to normalize things for a while, but a few days to a couple of weeks later the system is unusable.

So this is a long, long story. Basically it first appeared in a desktop w/ an ASUS board that is sitting disassembled beside me. Since then I have had 4 desktops and at least 4 laptops in my home / small-business office succumb to it.

In one instance I took a long-retired tower out of storage, took the CPU (an LGA775 Intel Core2 Quad), a couple of sticks of DDR2, and the PSU + Radeon 5xxx series PCIx graphics card out of an infected machine, stuck them in the retired machine and booted it from a retail pressed Windows 7 DVD. The DVD-RW and the HDD were both fresh ones, as by this point I was suspecting BIOS + peripheral firmware infection but was only really thinking about drive controllers being flashed (as I've never before flashed a GPU). Long story short, at boot, I see the BIOS screen flash a couple of times, then a black screen with a flashing cursor. Normally on an infected machine this cursor screen appears for 1-2 seconds before the computer then continues to load a boot device. However, on this not yet / about to be infected machine it would persist in flashing for about 30 seconds to 2 minutes, I'd see a couple of carriage returns and the computer would reboot. And then proceed as normal.

When the machine first comes up, whether I've installed 7 Home Premium or Pro, Group Policy is always on as a service and I cannot stop it. Event logs show updated Group Policy events from a non-existent AD server... this should be impossible on a Home Premium machine as they cannot by definition join domains! ... After some further investigation, I booted from my W7 install DVD, clicked Repair instead of Install, browsed the disk from the command prompt and used Notepad to parse any strange content.

Well, I found CLG and WIM files as well as answer files w/ product keys for every version of Windows since 2000, everything from Media Center to Small Business Server to Hyper-V Enterprise etc. None of these files are present on the DVD when browsed from a clean computer. It's worthwhile to note that on the dirty machines the "Windows is Loading Files..." progress indicator fills twice: once very quickly, 1-3 seconds, and again in a normal 30s-1min. In my research it's been indicated that this may point towards the image/malware etc. being pulled out of V Rom or wherever it's hanging out (no hard drives, USB etc. are attached when I do this)... and writing it to the RAM disk.


Whenever I reinstall, I low-level format my disk, doing a sector-by-sector 0 sweep on the disk. At first, for the first day or two, things run relatively smoothly... though investigation w/ Process Explorer and other Sysinternals tools shows me that I have DLLs and services running w/ very questionable strings... Services that cannot be stopped. Loading at boot, shown under DEVICE MANAGER > SHOW HIDDEN DEVICES > SHOW NON PLUG N PLAY DEVICES. Services sitting on my baseline Filtering Engine, Remote Audio Endpoints etc.

Running a packet sniffer on the LAN shows an incredible amount of ARP requests coming in and out of the machine.



*** MOST NOTABLY *** Under Process Explorer, when I examine a root/top-level-of-tree process like Explorer.exe, Wininit.exe, Lsass.exe, Services.exe etc., as well as my McAfee Antivirus, their parent process is a non-existent process: <Non-existent Process>(452).

I also get 2 instances of csrss.exe: 1 which seems to pertain to my local session and which has Parent: <Non-existent Process>(488) and COMMAND LINE ARG: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

The other, called earlier, has parent <Non-existent Process>(452) again, w/ COMMAND LINE ARG (NOTICE IT USES CONSERV.DLL): %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

It inevitably will spawn conhosts.exe's above even Wininit.exe in my tray.


BELOW I will paste the driver LOAD ORDER taken from LOADORD.exe from Sysinternals under safe mode w/ networking as well, for your reference.
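Added example (not part of the original post, and not Sysinternals code): a triage of "parent process no longer exists" findings such as the `<Non-existent Process>` entries described above. On Windows Vista and later, csrss.exe, wininit.exe and winlogon.exe are started by a per-session smss.exe instance that exits, and explorer.exe by userinit.exe, which also exits, so a missing parent is expected for those names, while services.exe, lsass.exe, lsm.exe and svchost.exe should have a running parent. The `Proc` record, the verdict names and the sample snapshot are assumptions made for this example; the snapshot is constructed, borrowing PIDs from the listings in this thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int        # parent PID recorded when the process was created
    name: str
    session: int
    started: float   # creation time, seconds since boot


# Started by a helper that exits by design, so the recorded parent is gone.
EXPECTED_ORPHANS = {
    "csrss.exe": "per-session smss.exe instance",
    "wininit.exe": "per-session smss.exe instance",
    "winlogon.exe": "per-session smss.exe instance",
    "explorer.exe": "userinit.exe",
}

# Processes whose parent should still be running, and which image it should be.
EXPECTED_PARENT = {
    "services.exe": "wininit.exe",
    "lsass.exe": "wininit.exe",
    "lsm.exe": "wininit.exe",
    "svchost.exe": "services.exe",
}


def live_parent(proc, by_pid):
    """Return the real parent if it is still running, else None.

    Windows reuses PIDs: a process that owns proc.ppid today but was created
    after the child cannot be the child's parent.
    """
    parent = by_pid.get(proc.ppid)
    if parent is None or parent.started > proc.started:
        return None
    return parent


def classify(proc, by_pid):
    """Return (verdict, reason) for one process in the snapshot."""
    if proc.pid in (0, 4):
        return "ok", "kernel pseudo-process (Idle/System)"
    name = proc.name.lower()
    parent = live_parent(proc, by_pid)
    want = EXPECTED_PARENT.get(name)
    if parent is None:
        if name in EXPECTED_ORPHANS:
            return "expected-orphan", f"started by {EXPECTED_ORPHANS[name]}, which exits"
        if want:
            return "review", f"parent should be a running {want}"
        return "orphan", "parent exited; common for launchers, not conclusive"
    if want and parent.name.lower() != want:
        return "review", f"parent is {parent.name}, expected {want}"
    return "ok", f"parent {parent.name} ({parent.pid}) is running"


def triage(procs):
    """Map each PID in the snapshot to its (verdict, reason)."""
    by_pid = {p.pid: p for p in procs}
    return {p.pid: classify(p, by_pid) for p in procs}


# Constructed snapshot. PIDs 452 and 488 never appear as live processes,
# which is what Process Explorer reports as <Non-existent Process>.
SAMPLE = [
    Proc(4, 0, "System", 0, 0.0),
    Proc(360, 4, "smss.exe", 0, 1.0),
    Proc(460, 452, "csrss.exe", 0, 3.0),
    Proc(504, 452, "wininit.exe", 0, 3.2),
    Proc(496, 488, "csrss.exe", 1, 3.5),
    Proc(544, 488, "winlogon.exe", 1, 3.7),
    Proc(592, 504, "services.exe", 0, 4.0),
    Proc(600, 504, "lsass.exe", 0, 4.1),
    Proc(704, 592, "svchost.exe", 0, 5.0),
    Proc(1432, 1400, "explorer.exe", 1, 40.0),
    # Constructed anomalies that deserve a closer look:
    Proc(3100, 1432, "svchost.exe", 1, 300.0),  # svchost under explorer
    Proc(3200, 3000, "lsass.exe", 1, 310.0),    # lsass with no live parent
    # Constructed PID reuse: 2000 was created long after its "child" 2100.
    Proc(2000, 1432, "reused.exe", 1, 900.0),
    Proc(2100, 2000, "tool.exe", 1, 50.0),
]

if __name__ == "__main__":
    results = triage(SAMPLE)
    for p in SAMPLE:
        verdict, reason = results[p.pid]
        print(f"{p.name:<14} pid={p.pid:<5} session={p.session} {verdict:<16} {reason}")
```

Only the `review` rows call for follow-up such as checking the image path and signature; `expected-orphan` rows match normal Windows start-up.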

#4 theashesstir

Posted 24 January 2013 - 03:44 AM

https://www.facebook.com/#!/pages/Unknown-GPU-Hypervisor-Malware/131545397008622?sk=info

http://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706_page1.html



Both these links outline symptoms very similar to my own. The first is a Facebook group to try and bring attention to it. So far I've communicated w/ one person in South Florida and one in South America who appear to have the same malware. I am in Vancouver.

It's worthwhile to note that if I wasn't a Process Explorer and Sysinternals habitual power user and formerly the West Coast Canada Team Lead for the Software AV / Firewall Support Team for Western Canada's largest ISP, I would have probably never even noticed it, as it was pretty low key until I started formatting and reformatting... and attempting to take more vigorous action against it.

#5 theashesstir

Posted 24 January 2013 - 03:46 AM

Boot WdfLoadGroup n/a* Wdf01000 @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
Boot Boot Bus Extender 1 ACPI Microsoft ACPI Driver
Boot Boot Bus Extender 2 msisadrv
Boot Boot Bus Extender 3 pci PCI Bus Driver
Boot Boot Bus Extender 6 vdrvroot Microsoft Virtual Drive Enumerator Driver
Boot Boot Bus Extender 7 iusb3hcs Intel® USB 3.0 Host Controller Switch Driver
Boot Boot Bus Extender n/a* partmgr @%SystemRoot%\system32\drivers\partmgr.sys,-100
Boot System Bus Extender 15 Compbatt Microsoft Composite Battery Driver
Boot System Bus Extender 9 volmgr Volume Manager Driver
Boot System Bus Extender 10 volmgrx @%SystemRoot%\system32\drivers\volmgrx.sys,-100
Boot System Bus Extender n/a* mountmgr @%SystemRoot%\system32\drivers\mountmgr.sys,-100
Boot SCSI Miniport 25 iaStorV Intel RAID Controller Windows 7
Boot SCSI miniport n/a* amdxata
Boot FSFilter Infrastructure 1 FltMgr @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Boot FSFilter Bottom n/a* FileInfo @%SystemRoot%\system32\drivers\fileinfo.sys,-100
Boot Filter 1 CLFS @%SystemRoot%\system32\clfs.sys,-100
Boot Base 1 KSecDD
Boot Base 2 CNG
Boot Base n/a* pcw Performance Counters for Windows Driver
Boot File System n/a* Fs_Rec
Boot NDIS Wrapper n/a* NDIS @%SystemRoot%\system32\drivers\ndis.sys,-200
Boot Cryptography 2 KSecPkg
Boot PNP_TDI 3 Tcpip @%SystemRoot%\system32\tcpipcfg.dll,-50003
Boot Extended Base n/a* storflt @%SystemRoot%\system32\vmstorfltres.dll,-1000
Boot n/a* n/a* Disk Disk Driver
Boot PnP Filter* 5* fvevol @%SystemRoot%\system32\drivers\fvevol.sys,-100
Boot n/a* n/a* hwpolicy @%systemroot%\system32\drivers\hwpolicy.sys,-101
Boot Network* n/a* Mup @%systemroot%\system32\drivers\mup.sys,-101
Boot PnP Filter* 2* rdyboost ReadyBoost
Boot n/a* n/a* spldr Security Processor Loader Driver
Boot n/a* n/a* volsnap Storage volumes
System SCSI CDROM Class 3 cdrom CD-ROM Driver
System Base 1 Null
System Base 2 Beep Beep
System Video Save 1 VgaSave
System Video Save n/a* RDPCDD @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100
System Video Save n/a* RDPENCDD @%systemroot%\system32\drivers\RDPENCDD.sys,-101
System Video Save n/a* RDPREFMP @%systemroot%\system32\drivers\RdpRefMp.sys,-101
System File system n/a* Msfs
System File system n/a* Npfs
System PNP_TDI 4 tdx @%SystemRoot%\system32\tcpipcfg.dll,-50004
System PNP_TDI n/a* AFD @%systemroot%\system32\drivers\afd.sys,-1000
System PNP_TDI n/a* NetBT @%SystemRoot%\system32\drivers\netbt.sys,-2
System NDIS 16 WfpLwf WFP Lightweight Filter
System NDIS 18 Psched @%SystemRoot%\System32\drivers\pacer.sys,-101
System NDIS 23 vwififlt Virtual WiFi Filter Driver
System NetBIOSGroup 2 NetBIOS NetBIOS Interface
System n/a* n/a* blbdrive
System network* 9* CSC @%systemroot%\system32\cscsvc.dll,-202
System Network* n/a* DfsC @%systemroot%\system32\drivers\dfsc.sys,-101
System n/a* n/a* discache @%systemroot%\system32\drivers\discache.sys,-102
System n/a* n/a* mssmbios Microsoft System Management BIOS Driver
System n/a* n/a* nsiproxy @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
System Network* 4* rdbss @%systemroot%\system32\wkssvc.dll,-1000
System n/a* n/a* TermDD Terminal Device Driver
System n/a* n/a* Wanarpv6 @%systemroot%\system32\rascfg.dll,-32012
Automatic FSFilter Virtualization n/a* luafv @%systemroot%\system32\drivers\luafv.sys,-100
Automatic Video n/a* nvsvc NVIDIA Display Driver Service
Automatic Video n/a* Stereo Service NVIDIA Stereoscopic 3D Driver Service
Automatic COM Infrastructure n/a* DcomLaunch @oleres.dll,-5012
Automatic COM Infrastructure n/a* RpcEptMapper @%windir%\system32\RpcEpMap.dll,-1001
Automatic COM Infrastructure n/a* RpcSs @oleres.dll,-5010
Automatic Event Log n/a* eventlog @%SystemRoot%\system32\wevtsvc.dll,-200
Automatic AudioGroup n/a* AudioEndpointBuilder Windows Audio Endpoint Builder
Automatic AudioGroup n/a* AudioSrv @%SystemRoot%\system32\audiosrv.dll,-200
Automatic ProfSvc_Group n/a* gpsvc @gpapi.dll,-112
Automatic profsvc_group n/a* ProfSvc @%systemroot%\system32\profsvc.dll,-300
Automatic ProfSvc_Group n/a* SENS @%SystemRoot%\system32\Sens.dll,-200
Automatic ProfSvc_Group n/a* Themes @%SystemRoot%\System32\themeservice.dll,-8192
Automatic UIGroup n/a* UxSms @%SystemRoot%\system32\dwm.exe,-2000
Automatic MS_WindowsLocalValidation n/a* SamSs @%SystemRoot%\system32\samsrv.dll,-1
Automatic PlugPlay n/a* PlugPlay @%SystemRoot%\system32\umpnpmgr.dll,-100
Automatic Plugplay n/a* Power Power
Automatic NDIS 14 rspndr Link-Layer Topology Discovery Responder
Automatic NDIS 15 lltdio Link-Layer Topology Discovery Mapper I/O Driver
Automatic TDI n/a* Dhcp @%SystemRoot%\system32\dhcpcore.dll,-100
Automatic TDI n/a* Dnscache @%SystemRoot%\System32\dnsapi.dll,-101
Automatic TDI n/a* Wlansvc @%SystemRoot%\System32\wlansvc.dll,-257
Automatic SchedulerGroup n/a* Schedule @%SystemRoot%\system32\schedsvc.dll,-100
Automatic NetworkProvider n/a* BFE Base Filtering Engine
Automatic NetworkProvider n/a* LanmanWorkstation Workstation
Automatic NetworkProvider n/a* MpsSvc @%SystemRoot%\system32\FirewallAPI.dll,-23090
Automatic MS_WindowsRemoteValidation n/a* Netlogon Netlogon
Automatic n/a* n/a* AMPPALR3 Intel® Centrino® Wireless Bluetooth® + High Speed Service
Automatic n/a* n/a* BITS Background Intelligent Transfer Service
Automatic n/a* n/a* BTHSSecurityMgr Intel® Centrino® Wireless Bluetooth® + High Speed Security Service
Automatic n/a* n/a* clr_optimization_v4.0.30319_32 Microsoft .NET Framework NGEN v4.0.30319_X86
Automatic n/a* n/a* clr_optimization_v4.0.30319_64 Microsoft .NET Framework NGEN v4.0.30319_X64
Automatic n/a* n/a* CryptSvc @%SystemRoot%\system32\cryptsvc.dll,-1001
Automatic n/a* n/a* DPS @%systemroot%\system32\dps.dll,-500
Automatic n/a* n/a* EventSystem @comres.dll,-2450
Automatic n/a* n/a* EvtEng Intel® PROSet/Wireless Event Log
Automatic n/a* n/a* LanmanServer Server
Automatic n/a* n/a* MMCSS Multimedia Class Scheduler
Automatic n/a* n/a* NlaSvc @%SystemRoot%\System32\nlasvc.dll,-1
Automatic n/a* n/a* nsi @%SystemRoot%\system32\nsisvc.dll,-200
Automatic n/a* n/a* PEAUTH PEAUTH
Automatic n/a* n/a* ProtectedStorage Protected Storage
Automatic n/a* n/a* secdrv Security Driver
Automatic n/a* n/a* seclogon Secondary Logon
Automatic n/a* n/a* SensrSvc Adaptive Brightness
Automatic n/a* n/a* sppsvc @%SystemRoot%\system32\sppsvc.exe,-101
Automatic n/a* n/a* stisvc @%SystemRoot%\system32\wiaservc.dll,-9
Automatic n/a* n/a* tcpipreg TCP/IP Registry Compatibility
Automatic n/a* n/a* UNS Intel® Management and Security Application User Notification Service
Automatic n/a* n/a* VaultSvc Credential Manager
Automatic n/a* n/a* VSS Volume Shadow Copy
Automatic n/a* n/a* WinDefend @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Automatic n/a* n/a* Winmgmt Windows Management Instrumentation
Automatic n/a* n/a* wscsvc @%SystemRoot%\System32\wscsvc.dll,-200
Automatic n/a* n/a* WSearch @%systemroot%\system32\SearchIndexer.exe,-103
Automatic n/a* n/a* wuauserv @%systemroot%\system32\wuaueng.dll,-105
Automatic n/a* n/a* ZeroConfigService Intel® PROSet/Wireless Zero Configuration Service

#6 theashesstir

Posted 24 January 2013 - 03:51 AM

Process PID CPU Private Bytes Working Set Description Company Name User Name Session Path Command Line Version Autostart Location Image Type DEP Verified Signer Integrity ASLR Virtualized Tree CPU Usage CPU Time CPU History Private Delta Bytes Peak Private Bytes Peak Working Set Private Bytes History WS Private
System Idle Process 0 98.81 0 K 24 K NT AUTHORITY\SYSTEM 64-bit DEP (permanent) 98.81 51:33:03.922 0 K 24 K 0 K
System 4 0.01 164 K 2,148 K <access denied> 0 n/a 0.13 0:00:24.289 7,024 K 13,424 K 0 K
Interrupts n/a 0.12 0 K 0 K Hardware Interrupts and DPCs 0 64-bit n/a 0.12 0:01:23.148 0 K 0 K 0 K
smss.exe 360 728 K 1,400 K Windows Session Manager Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\smss.exe \SystemRoot\System32\smss.exe 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.046 768 K 1,412 K 664 K
csrss.exe 460 2,524 K 4,600 K Client Server Runtime Process Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\csrss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.046 2,524 K 4,608 K 1,984 K
csrss.exe 496 0.16 2,760 K 7,796 K Client Server Runtime Process Microsoft Corporation NT AUTHORITY\SYSTEM 1 C:\Windows\System32\csrss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0.16 0:03:21.194 2,828 K 13,304 K 2,144 K
wininit.exe 504 2,088 K 5,052 K Windows Start-Up Application Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\wininit.exe wininit.exe 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR < 0.01 0:00:00.031 2,472 K 5,136 K 1,764 K
services.exe 592 < 0.01 4,556 K 7,972 K Services and Controller app Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\services.exe C:\Windows\system32\services.exe 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR < 0.01 0:00:00.156 4,900 K 8,032 K 4,088 K
svchost.exe 704 5,268 K 10,120 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.280 5,516 K 10,176 K 4,412 K
WmiPrvSE.exe 1824 3,352 K 6,796 K WMI Provider Host Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 6.1.7601.17514 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.062 4,276 K 6,840 K 2,664 K
dllhost.exe 24904 2,732 K 6,096 K COM Surrogate Microsoft Corporation dixie-flatline\bish 1 C:\Windows\System32\dllhost.exe C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows High ASLR 0:00:00.015 2,732 K 6,096 K 2,380 K
svchost.exe 780 4,412 K 8,148 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\NETWORK SERVICE 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k RPCSS 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.140 4,452 K 8,176 K 3,904 K
svchost.exe 880 < 0.01 8,232 K 11,000 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\LOCAL SERVICE 0 C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR < 0.01 0:00:00.124 9,328 K 12,096 K 6,148 K
svchost.exe 912 13,012 K 19,512 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.764 13,188 K 19,612 K 11,692 K
svchost.exe 972 3,784 K 7,828 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\LOCAL SERVICE 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.031 3,948 K 7,892 K 3,464 K
svchost.exe 1000 < 0.01 18,708 K 18,916 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\NETWORK SERVICE 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k NetworkService 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR < 0.01 0:00:01.014 19,608 K 19,352 K 10,504 K
svchost.exe 388 11,148 K 18,536 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\SYSTEM 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.140 11,372 K 18,700 K 9,380 K
svchost.exe 672 6,332 K 11,484 K Host Process for Windows Services Microsoft Corporation NT AUTHORITY\LOCAL SERVICE 0 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 6.1.7600.16385 64-bit DEP (permanent) (Verified) Microsoft Windows System ASLR 0:00:00.109 6,576 K 11,648 K 5,568 K





#7 thisisu


Posted 30 January 2013 - 07:20 PM

Hello and welcome to BleepingComputer!

My name is Thisisu and I will be helping you with your malware-related computer problems.

I do have some basic rules while we are working together so please read and follow them:


  • Be specific!
    • If you come across a problem while performing any of the steps listed here, do not simply state "It did not work." Tell me the exact error you encountered if one was given to you. For example, this is a much better response: "When I ran the ____ tool, an error box appeared on my screen and said 'Illegal operation attempted on a registry key that has been marked for deletion.' There is only an 'OK' button in the box."
  • Do not run any scans/fixes on your own!
    • If at any time you feel that you can handle the rest of your computer problems on your own without my help, just let me know! I will not be offended as there are others that need help with their computers. However, do not perform scans and/or fixes that I have not asked you to do on your own and then expect me to continue helping you because I will not!
  • I will close the topic if I have not heard a response from you within 72 hours.
    • If you are going to be away, just let me know and I will leave the topic open until you can return.

Let's begin:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

__

Please download and run TDSSKiller.
  • Click the Change parameters link/button.
  • In the new window, add a checkmark into "Detect TDLFS file system" and then press OK.
  • Now press the "Start scan" button.
  • In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the "Continue" button.
  • After the scan / cure is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Please post the contents of this file to your next message.

__

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

__

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All".
  • Copy the text in the code box below and paste it into the Posted Image text-field.

    drives
    netsvcs
    /md5start
    consrv.dll
    /md5stop
    
  • Now click the Posted Image button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review but attach Extras.txt

Edited by thisisu, 30 January 2013 - 07:24 PM.


#8 theashesstir

Posted 31 January 2013 - 09:13 AM

Hi - I will be away from the machines in question for a period of approximately 5-6 business days while I finish the deployment of a small business server for an out-of-town client. As you mentioned, please do leave this topic open in the interim until such time that we can get to the bottom of this anomaly, which appears, as far as I can tell thus far and in my communication with other similarly infected advanced IT techs, to be a hardware GPU-based hypervisor of some sort, relying on CoreBoot and SeaBios and a variant of TDL-4. (On other desktop machines that had cross-contaminated with the one in question that I am most concerned about, all were found to have some TDL-4 variant, where successful cleaning w/ TDSSKiller and other utilities inevitably seemed to result in the malware reappearing in short order.) From what I can further tell, the malware lives primarily in GPU video ROM, in active physical memory, and with some kind of seeds (for persistent reinfection) in all PCI ROM, non-volatile writable memory, writable peripheral firmware, etc.
This infection appears to qualify to a tee as a zero-day advanced persistent threat, and sounds most like the articles I have read about the Rakshasa proof of concept, with hints of behaviours of Mebromi (recycle.bin corruption prompting for emptying to get the files out of managed disk space and primed for the MBR / or a hardware flash at next POST). Also worthwhile to note that machines with boot volumes using both MBR and GPT appear to have succumbed to it. Swapping out hard drives for new ones with a fresh retail installation DVD has resulted in malware persistence. Even Linux-based live CDs have been shortly rooted. But let's not get ahead of ourselves. I'm happy to start w/ zero assumptions, taking it step by step, until we can at least arrive at some coherent diagnosis, rather than this paranoid tail-chasing spectre hunting that I've been doing since roughly September (to date 5 laptops and 4 desktops that sit in my office have succumbed to some variant of this).
I believe the variability of the symptoms is attributable to different packages being remotely deployed from the command & control server that it's linking up to using IPv6 and iSCSI service. Also interesting is that it's getting group policy updates (even when I install Home Premium).

Anyway, please keep this open for approximately 1 week while I get back to those systems and I will certainly post the above logs!

#9 thisisu

Posted 31 January 2013 - 05:33 PM

Noted. Thanks for the heads up.

#10 theashesstir

Posted 06 February 2013 - 10:14 PM

OK. So, of note: the Alienware M18xR2 laptop that I was working with, which had promptly contracted the infection within a week of my getting it in December (either via my network, or possibly if some of the DVD/USB media (Linux live discs etc.) that I ran on it was burnt or made at a time when the rootkit was already active on the desktop that made the media)... That laptop has been RMA'd for exactly the same machine from Dell.
Within less than 4 hours of unboxing the new one, it began to show signs of the same symptoms. The first token of which is a blinking cursor on a black screen at boot. I've seen this before in conventional rootkits shortly after BIOS and BIOS splash screen, but right before the Windows loading screen. However, in my case, I see the cursor for a split second BEFORE I see the BIOS splash screen, then again after the BIOS splash and before the Windows load screen. The other weird behavior that I started to see in the other machines right when things first start going pear-shaped is an error that says "The Recycle Bin is corrupt. Do you want to empty it?" This symptom was described verbatim in the walkthrough of Mebromi's symptoms that usually imminently processed the dropper working its way to the lower levels on your system w/ every halt and reboot thereafter towards flashing BIOS. In this case I'm not sure if it was able to do so just yet. I do have a desktop which I'm pretty sure did flash BIOS; if we have any luck w/ this laptop I'd love to take a crack at that much more badly infected machine.

I also hear this weird audio stutter, like a frame-buffer or something, on the Windows startup chime when I get landed on the Windows logon (select your user) screen. This is on a fresh brand new i7 system w/ 6GB of memory. The other symptom I get is that on some reboots the system time gets reset to 01/01/2011, so my SSL certs come up as invalid. When I correct the time they appear valid, but if I enforce checking with the CRL for cert revocation status some of them then come up invalid. A reboot or two later... they all appear fine.
- Also worth noting: it took me about 10-15 different attempts to get TDSSKiller to run. Sometimes instead of coming up as published and signed by Kaspersky it would come up as unknown. Other times the SHA-1/MD5 would be way off. If it was all correct, I could get an error about not being able to access the resource or something vaguely like that. Safe Mode w/ networking = the same, but eventually I got it to run in safe mode, rebooted in normal mode and ran it again. The same thing happened when I tried to run PCI scope on a hunch to see if I did in fact have BIOS / bootsector data in my GPU ROM, then it eventually added a PCi32.dll to the top-level / process tree root of its own in Process Explorer. Unable to verify, no other column data, and some sketchy strings that I reconciled from those on the other machines.

Anyway, when I finally ran TDSSKiller, I ran it both exactly as instructed, and when it came up blank, to my surprise (since my Windows Experience Index score in System Properties is 1.0 on a new Alienware, a symptom I understand is associated w/ TDL-4 Alureon), I ran it again telling it to add loaded modules and ran it on reboot. Still nothing.
After that MBAM found several things. Earlier on I also had noticed that the McAfee Internet Security that it came out of box with was randomly adding firewall allow rules, referencing like ~100+ different McAfee-related EXEs which sounded like buzz words put together.exe. So I replaced it w/ AVG Free and Windows Firewall with all rules set to deny except basic IPv4, outbound traffic, and HTTPS. That seemed to work better.

Anyway... here are your log files. What's next, boss?

#11 theashesstir

Posted 06 February 2013 - 10:15 PM

TDSSKILLER Log - 1st pass. In SafeMode / with everything except Loaded Modules Selected:
15:05:30.0404 0372 mrxsmb20 - ok
15:05:30.0404 0372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:05:30.0420 0372 msahci - ok
15:05:30.0420 0372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:05:30.0420 0372 msdsm - ok
15:05:30.0451 0372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:05:30.0467 0372 MSDTC - ok
15:05:30.0482 0372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:05:30.0498 0372 Msfs - ok
15:05:30.0514 0372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:05:30.0529 0372 mshidkmdf - ok
15:05:30.0545 0372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:05:30.0545 0372 msisadrv - ok
15:05:30.0576 0372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:05:30.0607 0372 MSiSCSI - ok
15:05:30.0607 0372 msiserver - ok
15:05:30.0638 0372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:05:30.0654 0372 MSKSSRV - ok
15:05:30.0670 0372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:05:30.0701 0372 MSPCLOCK - ok
15:05:30.0701 0372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:05:30.0732 0372 MSPQM - ok
15:05:30.0748 0372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:05:30.0748 0372 MsRPC - ok
15:05:30.0748 0372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:05:30.0763 0372 mssmbios - ok
15:05:30.0794 0372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:05:30.0826 0372 MSTEE - ok
15:05:30.0826 0372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:05:30.0826 0372 MTConfig - ok
15:05:30.0841 0372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:05:30.0841 0372 Mup - ok
15:05:30.0857 0372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:05:30.0904 0372 napagent - ok
15:05:30.0919 0372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:05:30.0935 0372 NativeWifiP - ok
15:05:30.0966 0372 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:05:30.0997 0372 NDIS - ok
15:05:31.0013 0372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:05:31.0028 0372 NdisCap - ok
15:05:31.0044 0372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:05:31.0075 0372 NdisTapi - ok
15:05:31.0091 0372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:05:31.0122 0372 Ndisuio - ok
15:05:31.0138 0372 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:05:31.0169 0372 NdisWan - ok
15:05:31.0169 0372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:05:31.0184 0372 NDProxy - ok
15:05:31.0200 0372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:05:31.0231 0372 NetBIOS - ok
15:05:31.0247 0372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:05:31.0278 0372 NetBT - ok
15:05:31.0278 0372 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
15:05:31.0294 0372 Netlogon - ok
15:05:31.0325 0372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:05:31.0356 0372 Netman - ok
15:05:31.0372 0372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:05:31.0418 0372 netprofm - ok
15:05:31.0418 0372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:05:31.0434 0372 NetTcpPortSharing - ok
15:05:31.0450 0372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:05:31.0450 0372 nfrd960 - ok
15:05:31.0481 0372 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:05:31.0512 0372 NlaSvc - ok
15:05:31.0512 0372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:05:31.0543 0372 Npfs - ok
15:05:31.0590 0372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:05:31.0621 0372 nsi - ok
15:05:31.0621 0372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:05:31.0652 0372 nsiproxy - ok
15:05:31.0684 0372 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:05:31.0715 0372 Ntfs - ok
15:05:31.0730 0372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:05:31.0762 0372 Null - ok
15:05:31.0793 0372 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
15:05:31.0793 0372 nusb3hub - ok
15:05:31.0808 0372 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
15:05:31.0824 0372 nusb3xhc - ok
15:05:31.0824 0372 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:05:31.0840 0372 nvraid - ok
15:05:31.0840 0372 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:05:31.0855 0372 nvstor - ok
15:05:31.0855 0372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:05:31.0871 0372 nv_agp - ok
15:05:31.0871 0372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:05:31.0886 0372 ohci1394 - ok
15:05:31.0902 0372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:05:31.0918 0372 p2pimsvc - ok
15:05:31.0933 0372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:05:31.0949 0372 p2psvc - ok
15:05:31.0949 0372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:05:31.0964 0372 Parport - ok
15:05:31.0964 0372 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:05:31.0964 0372 partmgr - ok
15:05:31.0980 0372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:05:32.0011 0372 PcaSvc - ok
15:05:32.0027 0372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:05:32.0027 0372 pci - ok
15:05:32.0027 0372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:05:32.0042 0372 pciide - ok
15:05:32.0042 0372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:05:32.0058 0372 pcmcia - ok
15:05:32.0058 0372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:05:32.0058 0372 pcw - ok
15:05:32.0089 0372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:05:32.0120 0372 PEAUTH - ok
15:05:32.0152 0372 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:05:32.0198 0372 PeerDistSvc - ok
15:05:32.0245 0372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:05:32.0292 0372 PerfHost - ok
15:05:32.0323 0372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:05:32.0370 0372 pla - ok
15:05:32.0417 0372 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:05:32.0448 0372 PlugPlay - ok
15:05:32.0464 0372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:05:32.0479 0372 PNRPAutoReg - ok
15:05:32.0495 0372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:05:32.0495 0372 PNRPsvc - ok
15:05:32.0526 0372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:05:32.0573 0372 PolicyAgent - ok
15:05:32.0573 0372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:05:32.0620 0372 Power - ok
15:05:32.0651 0372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:05:32.0682 0372 PptpMiniport - ok
15:05:32.0682 0372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:05:32.0698 0372 Processor - ok
15:05:32.0729 0372 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
15:05:32.0776 0372 ProfSvc - ok
15:05:32.0776 0372 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:05:32.0791 0372 ProtectedStorage - ok
15:05:32.0807 0372 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:05:32.0838 0372 Psched - ok
15:05:32.0885 0372 [ 41AD0FCF47275A9BC70FA1B56BFD3E23 ] pwdrvio C:\Windows\system32\pwdrvio.sys
15:05:32.0978 0372 pwdrvio - ok
15:05:33.0025 0372 [ 19CF17076F2524AF6746B528584AA3C9 ] pwdspio C:\Windows\system32\pwdspio.sys
15:05:33.0025 0372 pwdspio - ok
15:05:33.0072 0372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:05:33.0103 0372 ql2300 - ok
15:05:33.0103 0372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:05:33.0119 0372 ql40xx - ok
15:05:33.0134 0372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:05:33.0150 0372 QWAVE - ok
15:05:33.0166 0372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:05:33.0181 0372 QWAVEdrv - ok
15:05:33.0197 0372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:05:33.0228 0372 RasAcd - ok
15:05:33.0259 0372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:05:33.0275 0372 RasAgileVpn - ok
15:05:33.0290 0372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:05:33.0322 0372 RasAuto - ok
15:05:33.0337 0372 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:05:33.0353 0372 Rasl2tp - ok
15:05:33.0368 0372 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:05:33.0400 0372 RasMan - ok
15:05:33.0400 0372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:05:33.0431 0372 RasPppoe - ok
15:05:33.0446 0372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:05:33.0478 0372 RasSstp - ok
15:05:33.0493 0372 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:05:33.0524 0372 rdbss - ok
15:05:33.0524 0372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:05:33.0540 0372 rdpbus - ok
15:05:33.0556 0372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:05:33.0587 0372 RDPCDD - ok
15:05:33.0602 0372 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:05:33.0618 0372 RDPDR - ok
15:05:33.0618 0372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:05:33.0649 0372 RDPENCDD - ok
15:05:33.0665 0372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:05:33.0696 0372 RDPREFMP - ok
15:05:33.0712 0372 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:05:33.0743 0372 RDPWD - ok
15:05:33.0774 0372 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:05:33.0774 0372 rdyboost - ok
15:05:33.0805 0372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:05:33.0836 0372 RemoteAccess - ok
15:05:33.0852 0372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:05:33.0899 0372 RemoteRegistry - ok
15:05:33.0899 0372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:05:33.0930 0372 RpcEptMapper - ok
15:05:33.0946 0372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:05:33.0961 0372 RpcLocator - ok
15:05:33.0977 0372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:05:33.0992 0372 RpcSs - ok
15:05:34.0039 0372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:05:34.0055 0372 rspndr - ok
15:05:34.0070 0372 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:05:34.0102 0372 s3cap - ok
15:05:34.0102 0372 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
15:05:34.0117 0372 SamSs - ok
15:05:34.0117 0372 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:05:34.0117 0372 sbp2port - ok
15:05:34.0133 0372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:05:34.0164 0372 SCardSvr - ok
15:05:34.0164 0372 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:05:34.0195 0372 scfilter - ok
15:05:34.0226 0372 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:05:34.0273 0372 Schedule - ok
15:05:34.0289 0372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:05:34.0336 0372 SCPolicySvc - ok
15:05:34.0382 0372 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:05:34.0398 0372 sdbus - ok
15:05:34.0414 0372 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:05:34.0429 0372 SDRSVC - ok
15:05:34.0460 0372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:05:34.0492 0372 secdrv - ok
15:05:34.0507 0372 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:05:34.0523 0372 seclogon - ok
15:05:34.0523 0372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:05:34.0570 0372 SENS - ok
15:05:34.0570 0372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:05:34.0585 0372 SensrSvc - ok
15:05:34.0601 0372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:05:34.0616 0372 Serenum - ok
15:05:34.0616 0372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:05:34.0632 0372 Serial - ok
15:05:34.0632 0372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:05:34.0663 0372 sermouse - ok
15:05:34.0679 0372 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:05:34.0710 0372 SessionEnv - ok
15:05:34.0710 0372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:05:34.0726 0372 sffdisk - ok
15:05:34.0726 0372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:05:34.0726 0372 sffp_mmc - ok
15:05:34.0726 0372 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:05:34.0757 0372 sffp_sd - ok
15:05:34.0772 0372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:05:34.0788 0372 sfloppy - ok
15:05:34.0819 0372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:05:34.0850 0372 SharedAccess - ok
15:05:34.0866 0372 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:05:34.0882 0372 ShellHWDetection - ok
15:05:34.0913 0372 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\Windows\System32\tcpsvcs.exe
15:05:34.0913 0372 simptcp - ok
15:05:34.0928 0372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:05:34.0928 0372 SiSRaid2 - ok
15:05:34.0928 0372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:05:34.0944 0372 SiSRaid4 - ok
15:05:34.0960 0372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:05:34.0991 0372 Smb - ok
15:05:35.0006 0372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:05:35.0022 0372 SNMPTRAP - ok
15:05:35.0038 0372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:05:35.0038 0372 spldr - ok
15:05:35.0053 0372 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
15:05:35.0084 0372 Spooler - ok
15:05:35.0147 0372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:05:35.0240 0372 sppsvc - ok
15:05:35.0256 0372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:05:35.0272 0372 sppuinotify - ok
15:05:35.0287 0372 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:05:35.0318 0372 srv - ok
15:05:35.0334 0372 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:05:35.0365 0372 srv2 - ok
15:05:35.0365 0372 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:05:35.0412 0372 srvnet - ok
15:05:35.0443 0372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:05:35.0474 0372 SSDPSRV - ok
15:05:35.0474 0372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:05:35.0506 0372 SstpSvc - ok
15:05:35.0521 0372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:05:35.0521 0372 stexstor - ok
15:05:35.0552 0372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:05:35.0568 0372 stisvc - ok
15:05:35.0584 0372 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:05:35.0599 0372 storflt - ok
15:05:35.0615 0372 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:05:35.0615 0372 StorSvc - ok
15:05:35.0646 0372 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:05:35.0646 0372 storvsc - ok
15:05:35.0646 0372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:05:35.0646 0372 swenum - ok
15:05:35.0677 0372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:05:35.0708 0372 swprv - ok
15:05:35.0755 0372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:05:35.0802 0372 SysMain - ok
15:05:35.0818 0372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:05:35.0833 0372 TabletInputService - ok
15:05:35.0849 0372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:05:35.0880 0372 TapiSrv - ok
15:05:35.0880 0372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:05:35.0911 0372 TBS - ok
15:05:35.0942 0372 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:05:35.0989 0372 Tcpip - ok
15:05:36.0052 0372 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:05:36.0067 0372 TCPIP6 - ok
15:05:36.0083 0372 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:05:36.0114 0372 tcpipreg - ok
15:05:36.0130 0372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:05:36.0130 0372 TDPIPE - ok
15:05:36.0145 0372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:05:36.0145 0372 TDTCP - ok
15:05:36.0161 0372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:05:36.0192 0372 tdx - ok
15:05:36.0192 0372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:05:36.0192 0372 TermDD - ok
15:05:36.0223 0372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:05:36.0270 0372 TermService - ok
15:05:36.0286 0372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:05:36.0286 0372 Themes - ok
15:05:36.0301 0372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:05:36.0317 0372 THREADORDER - ok
15:05:36.0348 0372 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe
15:05:36.0364 0372 TlntSvr - ok
15:05:36.0379 0372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:05:36.0410 0372 TrkWks - ok
15:05:36.0442 0372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:05:36.0473 0372 TrustedInstaller - ok
15:05:36.0488 0372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:05:36.0520 0372 tssecsrv - ok
15:05:36.0520 0372 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:05:36.0535 0372 TsUsbFlt - ok
15:05:36.0551 0372 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:05:36.0566 0372 TsUsbGD - ok
15:05:36.0598 0372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:05:36.0629 0372 tunnel - ok
15:05:36.0629 0372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:05:36.0629 0372 uagp35 - ok
15:05:36.0660 0372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:05:36.0691 0372 udfs - ok
15:05:36.0707 0372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:05:36.0722 0372 UI0Detect - ok
15:05:36.0738 0372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:05:36.0738 0372 uliagpkx - ok
15:05:36.0738 0372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:05:36.0754 0372 umbus - ok
15:05:36.0769 0372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:05:36.0785 0372 UmPass - ok
15:05:36.0800 0372 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:05:36.0816 0372 UmRdpService - ok
15:05:36.0832 0372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:05:36.0863 0372 upnphost - ok
15:05:36.0863 0372 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:05:36.0878 0372 usbccgp - ok
15:05:36.0894 0372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:05:36.0894 0372 usbcir - ok
15:05:36.0910 0372 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:05:36.0910 0372 usbehci - ok
15:05:36.0925 0372 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:05:36.0956 0372 usbhub - ok
15:05:36.0956 0372 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:05:36.0972 0372 usbohci - ok
15:05:36.0972 0372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:05:36.0988 0372 usbprint - ok
15:05:36.0988 0372 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:05:37.0003 0372 USBSTOR - ok
15:05:37.0019 0372 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:05:37.0034 0372 usbuhci - ok
15:05:37.0066 0372 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:05:37.0066 0372 usbvideo - ok
15:05:37.0081 0372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:05:37.0112 0372 UxSms - ok
15:05:37.0128 0372 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
15:05:37.0128 0372 VaultSvc - ok
15:05:37.0144 0372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:05:37.0144 0372 vdrvroot - ok
15:05:37.0175 0372 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:05:37.0206 0372 vds - ok
15:05:37.0222 0372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:05:37.0222 0372 vga - ok
15:05:37.0222 0372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:05:37.0268 0372 VgaSave - ok
15:05:37.0268 0372 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:05:37.0268 0372 vhdmp - ok
15:05:37.0284 0372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:05:37.0284 0372 viaide - ok
15:05:37.0315 0372 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:05:37.0331 0372 vmbus - ok
15:05:37.0331 0372 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:05:37.0346 0372 VMBusHID - ok
15:05:37.0346 0372 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:05:37.0346 0372 volmgr - ok
15:05:37.0362 0372 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:05:37.0362 0372 volmgrx - ok
15:05:37.0378 0372 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:05:37.0393 0372 volsnap - ok
15:05:37.0393 0372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:05:37.0409 0372 vsmraid - ok
15:05:37.0440 0372 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:05:37.0502 0372 VSS - ok
15:05:37.0502 0372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:05:37.0534 0372 vwifibus - ok
15:05:37.0549 0372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:05:37.0580 0372 W32Time - ok
15:05:37.0580 0372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:05:37.0596 0372 WacomPen - ok
15:05:37.0612 0372 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:05:37.0643 0372 WANARP - ok
15:05:37.0643 0372 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:05:37.0674 0372 Wanarpv6 - ok
15:05:37.0721 0372 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:05:37.0768 0372 wbengine - ok
15:05:37.0783 0372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:05:37.0799 0372 WbioSrvc - ok
15:05:37.0799 0372 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:05:37.0830 0372 wcncsvc - ok
15:05:37.0846 0372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:05:37.0846 0372 WcsPlugInService - ok
15:05:37.0861 0372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:05:37.0861 0372 Wd - ok
15:05:37.0877 0372 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:05:37.0892 0372 Wdf01000 - ok
15:05:37.0908 0372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:05:37.0924 0372 WdiServiceHost - ok
15:05:37.0924 0372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:05:37.0939 0372 WdiSystemHost - ok
15:05:37.0955 0372 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:05:37.0970 0372 WebClient - ok
15:05:37.0986 0372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:05:38.0017 0372 Wecsvc - ok
15:05:38.0017 0372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:05:38.0048 0372 wercplsupport - ok
15:05:38.0064 0372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:05:38.0095 0372 WerSvc - ok
15:05:38.0111 0372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:05:38.0126 0372 WfpLwf - ok
15:05:38.0142 0372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:05:38.0158 0372 WIMMount - ok
15:05:38.0173 0372 WinDefend - ok
15:05:38.0173 0372 WinHttpAutoProxySvc - ok
15:05:38.0220 0372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:05:38.0251 0372 Winmgmt - ok
15:05:38.0298 0372 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:05:38.0360 0372 WinRM - ok
15:05:38.0376 0372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:05:38.0407 0372 Wlansvc - ok
15:05:38.0407 0372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:05:38.0423 0372 WmiAcpi - ok
15:05:38.0454 0372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:05:38.0470 0372 wmiApSrv - ok
15:05:38.0485 0372 WMPNetworkSvc - ok
15:05:38.0516 0372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:05:38.0516 0372 WPCSvc - ok
15:05:38.0532 0372 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:05:38.0532 0372 WPDBusEnum - ok
15:05:38.0548 0372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:05:38.0579 0372 ws2ifsl - ok
15:05:38.0594 0372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:05:38.0610 0372 wscsvc - ok
15:05:38.0610 0372 WSearch - ok
15:05:38.0657 0372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:05:38.0735 0372 wuauserv - ok
15:05:38.0735 0372 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:05:38.0766 0372 WudfPf - ok
15:05:38.0797 0372 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:38.0844 0372 WUDFRd - ok
15:05:38.0860 0372 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:05:38.0875 0372 wudfsvc - ok
15:05:38.0891 0372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:05:38.0922 0372 WwanSvc - ok
15:05:38.0922 0372 ================ Scan global ===============================
15:05:38.0938 0372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:05:38.0953 0372 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
15:05:38.0969 0372 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
15:05:38.0984 0372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:05:39.0000 0372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:05:39.0000 0372 [Global] - ok
15:05:39.0000 0372 ================ Scan MBR ==================================
15:05:39.0016 0372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:05:39.0359 0372 \Device\Harddisk0\DR0 - ok
15:05:39.0359 0372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:05:43.0633 0372 \Device\Harddisk1\DR1 - ok
15:05:43.0633 0372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
15:05:48.0235 0372 \Device\Harddisk2\DR2 - ok
15:05:48.0235 0372 ================ Scan VBR ==================================
15:05:48.0235 0372 [ C3A9460CE3A7B94F22DE5E3ECD7AF670 ] \Device\Harddisk0\DR0\Partition1
15:05:48.0251 0372 \Device\Harddisk0\DR0\Partition1 - ok
15:05:48.0251 0372 [ 6E024535926F90772C61DC303B934300 ] \Device\Harddisk0\DR0\Partition2
15:05:48.0251 0372 \Device\Harddisk0\DR0\Partition2 - ok
15:05:48.0266 0372 [ 086EF7D3353EE016F925F7DF3E47D9C4 ] \Device\Harddisk1\DR1\Partition1
15:05:48.0266 0372 \Device\Harddisk1\DR1\Partition1 - ok
15:05:48.0266 0372 [ 8335C1ACA779609B372946CB77655B3D ] \Device\Harddisk1\DR1\Partition2
15:05:48.0266 0372 \Device\Harddisk1\DR1\Partition2 - ok
15:05:48.0266 0372 [ BCAF28BDC155F529B58EE29DEE422874 ] \Device\Harddisk2\DR2\Partition1
15:05:48.0266 0372 \Device\Harddisk2\DR2\Partition1 - ok
15:05:48.0266 0372 ============================================================
15:05:48.0266 0372 Scan finished
15:05:48.0266 0372 ============================================================
15:05:48.0266 0408 Detected object count: 0
15:05:48.0266 0408 Actual detected object count: 0
15:07:06.0438 1352 Deinitialize success

#12 theashesstir

Posted 06 February 2013 - 10:19 PM

MBAM - first run:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.06.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
bishop :: BISHOP-PC [administrator]

06/02/2013 4:57:48 PM
mbar-log-2013-02-06 (16-57-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25843
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 2
c:\Users\bishop\AppData\Local\Temp\HBCD\PCWizard\pcwizard.dll (Trojan.Downloader.IM) -> 1540 -> Delete on reboot.
c:\T.exe (Trojan.Agent) -> 3816 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\bishop\AppData\Local\Temp\HBCD\PCWizard\pcwizard.dll (Trojan.Downloader.IM) -> Delete on reboot.
c:\T.exe (Trojan.Agent) -> Delete on reboot.

(end)

#13 theashesstir

Posted 06 February 2013 - 10:20 PM

RAN MBAM again after reboot. It came up clean.
Then JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Professional x64
Ran by bishop on 06/02/2013 at 18:36:52.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-224496855-1219991750-4164038688-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\bishop\AppData\Roaming\mozilla\firefox\profiles\g78upj17.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi"
Emptied folder: C:\Users\bishop\AppData\Roaming\mozilla\firefox\profiles\g78upj17.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/02/2013 at 18:41:21.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14 theashesstir

Posted 06 February 2013 - 10:35 PM

OTL.TXT

OTL logfile created on: 06/02/2013 7:24:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bishop\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 72.76% Memory free
11.90 Gb Paging File | 10.36 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.98 Gb Total Space | 660.45 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
Drive D: | 2.06 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.52 Gb Total Space | 13.47 Gb Free Space | 92.81% Space Free | Partition Type: FAT32
Drive G: | 4.00 Gb Total Space | 2.67 Gb Free Space | 66.84% Space Free | Partition Type: FAT32

Computer Name: BISHOP-PC | User Name: bishop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2013/02/06 19:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bishop\Desktop\OTL.exe
PRC - [2013/02/01 10:22:34 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 13:03:36 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\bishop\Desktop\SysinternalsSuite\procexp.exe
PRC - [2010/11/20 19:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/07/13 17:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\notepad.exe


========== Modules (All) ==========



========== Services (All) ==========

SRV:64bit: - [2012/06/02 14:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 19:25:14 | 001,504,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2010/11/20 19:25:14 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2010/11/20 19:25:10 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2010/11/20 19:25:07 | 000,214,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2010/11/20 19:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2010/11/20 19:25:05 | 001,525,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2010/11/20 19:24:52 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2010/11/20 19:24:51 | 000,232,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2010/11/20 19:24:51 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2010/11/20 19:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 19:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/20 19:24:41 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2010/11/20 19:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2010/11/20 19:24:36 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2010/11/20 19:24:35 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2010/11/20 19:24:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2010/11/20 19:24:33 | 000,121,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2010/11/20 19:24:32 | 000,777,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2010/11/20 19:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 19:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 19:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2010/11/20 19:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2010/11/20 19:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 19:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2010/11/20 19:24:24 | 002,018,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2010/11/20 19:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 19:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 19:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 19:24:16 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:64bit: - [2010/11/20 19:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 19:24:16 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc)
SRV:64bit: - [2010/11/20 19:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2010/11/20 19:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2010/11/20 19:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:64bit: - [2010/11/20 19:24:14 | 000,569,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2010/11/20 19:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2010/11/20 19:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2010/11/20 19:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010/11/20 19:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2010/11/20 19:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:64bit: - [2010/11/20 19:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 19:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 19:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 19:24:00 | 001,389,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:64bit: - [2010/11/20 19:24:00 | 000,853,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2010/11/20 19:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2010/11/20 19:24:00 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 19:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2010/11/20 19:23:56 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2010/11/20 19:23:56 | 000,444,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2010/11/20 19:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 19:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 19:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2010/11/20 19:23:54 | 001,137,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2010/11/20 19:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2010/11/20 19:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 19:23:51 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:64bit: - [2010/11/20 19:23:50 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2010/11/20 19:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2010/11/20 19:23:48 | 000,476,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010/11/20 19:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/13 17:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 17:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009/07/13 17:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2009/07/13 17:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:64bit: - [2009/07/13 17:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009/07/13 17:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 17:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2009/07/13 17:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2009/07/13 17:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2009/07/13 17:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2009/07/13 17:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:64bit: - [2009/07/13 17:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:64bit: - [2009/07/13 17:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 17:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 17:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2009/07/13 17:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2009/07/13 17:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 17:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 17:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:64bit: - [2009/07/13 17:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009/07/13 17:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009/07/13 17:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 17:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 17:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 17:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 17:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 17:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 17:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER)
SRV:64bit: - [2009/07/13 17:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 17:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2009/07/13 17:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2009/07/13 17:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/13 17:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 17:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum)
SRV:64bit: - [2009/07/13 17:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 17:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009/07/13 17:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009/07/13 17:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/13 17:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 17:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 17:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 17:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 17:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 17:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 17:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2009/07/13 17:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2009/07/13 17:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/13 17:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 17:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/07/13 17:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2009/07/13 17:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:64bit: - [2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc)
SRV:64bit: - [2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 17:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (EFS)
SRV:64bit: - [2009/07/13 17:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:64bit: - [2009/07/13 17:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2009/07/13 17:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV - [2013/02/06 10:44:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 21:18:50 | 000,116,648 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2013/02/05 21:18:50 | 000,116,648 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2013/02/01 10:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/20 19:25:10 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 19:24:53 | 000,856,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2010/11/20 19:24:52 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2010/11/20 19:24:49 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 19:24:49 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010/11/20 19:24:42 | 000,696,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/20 19:24:32 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2010/11/20 19:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 19:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/11/20 19:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 19:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2010/11/20 19:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/20 19:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 19:24:03 | 000,194,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 19:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 19:23:55 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2009/07/13 17:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 17:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 17:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/13 17:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/13 17:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/13 17:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009/07/13 17:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009/07/13 17:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009/07/13 17:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009/07/13 17:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 17:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009/07/13 17:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009/07/13 17:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/13 17:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/07/13 17:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2009/07/13 17:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009/07/13 17:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 12:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (All) ==========

DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/02/16 20:58:24 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)
DRV:64bit: - [2012/02/16 20:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2011/09/19 15:54:46 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/20 19:25:07 | 000,165,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (RDPDR)
DRV:64bit: - [2010/11/20 19:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2010/11/20 19:24:39 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010/11/20 19:24:36 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010/11/20 19:24:33 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 19:24:33 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010/11/20 19:24:33 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:24:32 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010/11/20 19:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010/11/20 19:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010/11/20 19:24:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010/11/20 19:24:27 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010/11/20 19:24:26 | 000,075,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2010/11/20 19:24:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 19:24:24 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 19:24:15 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2010/11/20 19:24:15 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010/11/20 19:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2010/11/20 19:24:15 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/11/20 19:24:14 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:64bit: - [2010/11/20 19:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010/11/20 19:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010/11/20 19:24:09 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 19:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2010/11/20 19:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2010/11/20 19:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2010/11/20 19:24:08 | 000,459,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2010/11/20 19:24:08 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010/11/20 19:24:08 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010/11/20 19:24:08 | 000,152,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2010/11/20 19:24:08 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010/11/20 19:24:08 | 000,095,616 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2010/11/20 19:24:03 | 000,287,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2010/11/20 19:24:03 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2010/11/20 19:24:00 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010/11/20 19:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:64bit: - [2010/11/20 19:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2010/11/20 19:23:55 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010/11/20 19:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 19:23:54 | 000,167,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2010/11/20 19:23:53 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010/11/20 19:23:52 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2010/11/20 19:23:51 | 000,413,184 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2010/11/20 19:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010/11/20 19:23:51 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010/11/20 19:23:50 | 000,468,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2010/11/20 19:23:50 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2010/11/20 19:23:50 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010/11/20 19:23:48 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010/11/20 19:23:48 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2010/11/20 19:23:48 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2010/11/20 19:23:48 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2010/11/20 19:23:48 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2010/11/20 19:23:47 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2010/11/20 19:23:47 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 19:23:47 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2010/11/20 19:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010/11/20 19:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010/11/20 19:23:47 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 19:23:47 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 19:23:47 | 000,184,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2010/11/20 19:23:47 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2010/11/20 19:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2010/11/20 19:23:47 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010/11/20 19:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2010/11/20 19:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010/11/20 19:23:47 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010/11/20 19:23:47 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010/11/20 19:23:47 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2010/11/20 19:23:47 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010/11/20 19:23:47 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2010/11/20 19:23:47 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010/11/20 19:23:47 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/11/20 19:23:47 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/08/16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/08/16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/07/13 17:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 17:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 17:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 17:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 17:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 17:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 17:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 17:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 17:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 17:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 17:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 17:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 17:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 17:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009/07/13 17:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 17:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 17:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 17:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 17:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 17:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 17:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 17:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 17:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 17:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 17:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 17:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 17:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 17:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009/07/13 17:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 17:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009/07/13 17:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 17:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009/07/13 17:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009/07/13 17:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 17:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)
DRV:64bit: - [2009/07/13 17:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 17:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 17:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 17:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 17:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 17:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 17:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 17:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 17:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 17:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)
DRV:64bit: - [2009/07/13 17:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 16:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 16:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 16:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 16:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 16:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 16:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 16:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 16:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 16:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 16:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 16:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 16:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 16:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 16:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 16:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 16:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 16:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 16:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 16:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 16:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 16:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 16:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 16:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 16:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 16:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 16:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 16:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 16:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 16:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 16:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2009/07/13 16:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:64bit: - [2009/07/13 16:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 16:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2009/07/13 16:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2009/07/13 16:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 16:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 16:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 16:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 16:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 16:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 16:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 16:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 16:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 16:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 16:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 16:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 16:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 16:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 16:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 16:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 16:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 16:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 16:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 16:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 16:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 15:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 15:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 15:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 15:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 15:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 15:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 15:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 15:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 15:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 15:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 15:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 15:23:50 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2009/07/13 15:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009/07/13 15:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009/07/13 15:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 15:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 15:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009/07/13 15:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 15:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009/07/13 15:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009/07/13 15:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 15:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 15:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 15:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/06/10 12:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 12:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 12:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 12:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 12:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 12:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 9D 7B FE 28 04 CE 01 [binary data]
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 53 45 80 9F 04 CE 01 [binary data]
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_enCA522
IE - HKU\S-1-5-21-224496855-1219991750-4164038688-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 10:26:43 | 000,000,000 | ---D | M]

[2013/02/06 10:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bishop\AppData\Roaming\Mozilla\Extensions
[2013/02/06 18:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bishop\AppData\Roaming\Mozilla\Firefox\Profiles\g78upj17.default\extensions
[2013/02/06 10:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 10:26:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/01 10:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 10:22:13 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/02/01 10:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/01 10:22:13 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/02/01 10:22:13 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/02/01 10:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/01 10:22:13 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2013/02/01 10:22:13 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-224496855-1219991750-4164038688-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-224496855-1219991750-4164038688-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-224496855-1219991750-4164038688-500..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-224496855-1219991750-4164038688-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-224496855-1219991750-4164038688-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BBBB311-A26D-4CE8-840B-5C3F4850C826}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\BISHOP\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\BISHOP\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/27 12:46:20 | 000,028,672 | R--- | M] (Dell Inc.) - D:\AUTORCD.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/01/11 15:51:40 | 000,000,049 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/05/25 02:33:22 | 000,000,128 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011/05/25 02:33:22 | 000,000,128 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ef1e98a9-6ff3-11e2-8182-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1e98a9-6ff3-11e2-8182-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORCD.EXE -- [2009/05/27 12:46:20 | 000,028,672 | R--- | M] (Dell Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/06 19:22:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bishop\Desktop\OTL.exe
[2013/02/06 18:36:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/06 18:36:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/06 18:36:26 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\bishop\Desktop\JRT.exe
[2013/02/06 18:34:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bishop\Desktop\roldtimers.exe
[2013/02/06 17:55:56 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013/02/06 17:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013/02/06 17:44:29 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2013/02/06 17:44:28 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2013/02/06 17:44:28 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2013/02/06 17:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/02/06 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\AVG
[2013/02/06 17:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/02/06 17:43:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/02/06 17:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5Verify2 02120112
[2013/02/06 17:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5Make2 02120112
[2013/02/06 17:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MD5
[2013/02/06 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\bishop\Desktop\setupMD5x
[2013/02/06 16:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/06 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DBF Viewer 2000
[2013/02/06 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DBF Viewer 2000
[2013/02/06 15:35:00 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/02/06 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Deployment
[2013/02/06 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Apps
[2013/02/06 15:04:31 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\ller.exe
[2013/02/06 15:04:31 | 000,000,000 | ---D | C] -- C:\1)
[2013/02/06 15:03:58 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\SSller.exe
[2013/02/06 11:25:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/02/06 11:12:36 | 000,000,000 | ---D | C] -- C:\Users\bishop\Desktop\mbar
[2013/02/06 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/02/06 11:05:12 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Paint.NET
[2013/02/06 10:55:02 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\FileZilla
[2013/02/06 10:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/02/06 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/02/06 10:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/02/06 10:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013/02/06 10:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/06 10:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/06 10:48:15 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Macromedia
[2013/02/06 10:40:02 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Mozilla
[2013/02/06 10:40:02 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Mozilla
[2013/02/06 10:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/06 10:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/02/06 10:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 10:16:55 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\AVG2013
[2013/02/06 09:50:33 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\TuneUp Software
[2013/02/06 09:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/06 09:50:19 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/06 09:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/02/06 09:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/02/06 09:48:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/06 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\MFAData
[2013/02/06 09:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/06 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Avg2013
[2013/02/06 09:36:17 | 000,000,000 | ---D | C] -- C:\Users\bishop\Desktop\7z
[2013/02/06 09:36:06 | 000,000,000 | ---D | C] -- C:\Users\bishop\Desktop\SysinternalsSuite
[2013/02/06 09:35:29 | 000,000,000 | ---D | C] -- C:\Users\bishop\Desktop\HBCD
[2013/02/05 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Macromedia
[2013/02/05 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Adobe
[2013/02/05 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/02/05 21:19:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/02/05 21:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/02/05 21:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/05 21:18:50 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Google
[2013/02/05 21:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/02/05 21:18:41 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/05 21:18:41 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/05 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/02/05 21:18:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/02/05 21:17:26 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/02/05 21:17:26 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/02/05 21:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/02/05 21:14:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/02/05 21:14:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/02/05 21:14:14 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/02/05 21:14:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/02/05 21:14:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/02/05 21:14:06 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/02/05 21:13:52 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/02/05 21:13:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/02/05 20:55:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/02/05 20:55:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/02/05 20:54:55 | 000,108,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013/02/05 20:54:53 | 000,000,000 | ---D | C] -- C:\Dell
[2013/02/05 19:57:56 | 000,000,000 | R--D | C] -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/05 19:57:56 | 000,000,000 | R--D | C] -- C:\Users\bishop\Searches
[2013/02/05 19:57:56 | 000,000,000 | R--D | C] -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/05 19:57:56 | 000,000,000 | -H-D | C] -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/02/05 19:57:47 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Identities
[2013/02/05 19:57:45 | 000,000,000 | R--D | C] -- C:\Users\bishop\Contacts
[2013/02/05 19:57:43 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\VirtualStore
[2013/02/05 19:57:35 | 000,000,000 | --SD | C] -- C:\Users\bishop\AppData\Roaming\Microsoft
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Videos
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Saved Games
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Pictures
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Music
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Links
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Favorites
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Downloads
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Documents
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\Desktop
[2013/02/05 19:57:35 | 000,000,000 | R--D | C] -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\AppData\Local\Temporary Internet Files
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Templates
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Start Menu
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\SendTo
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Recent
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\PrintHood
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\NetHood
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Documents\My Videos
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Documents\My Pictures
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Documents\My Music
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\My Documents
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Local Settings
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\AppData\Local\History
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Cookies
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\Application Data
[2013/02/05 19:57:35 | 000,000,000 | -HSD | C] -- C:\Users\bishop\AppData\Local\Application Data
[2013/02/05 19:57:35 | 000,000,000 | -H-D | C] -- C:\Users\bishop\AppData
[2013/02/05 19:57:35 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Temp
[2013/02/05 19:57:35 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Local\Microsoft
[2013/02/05 19:57:35 | 000,000,000 | ---D | C] -- C:\Users\bishop\AppData\Roaming\Media Center Programs
[2013/02/05 19:57:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/02/05 19:26:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/02/05 19:25:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2013/02/05 19:25:57 | 000,000,000 | ---D | C] -- C:\Hotfix
[2013/02/05 19:25:57 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/02/05 16:30:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/02/05 16:28:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/02/05 16:27:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/02/06 19:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bishop\Desktop\OTL.exe
[2013/02/06 18:58:02 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 18:58:02 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 18:48:25 | 000,024,717 | ---- | M] () -- C:\Users\bishop\Desktop\AW-CO2.jpg
[2013/02/06 18:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/06 18:36:27 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\bishop\Desktop\JRT.exe
[2013/02/06 18:35:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bishop\Desktop\roldtimers.exe
[2013/02/06 18:28:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 18:20:02 | 000,327,905 | R--- | M] () -- C:\Users\bishop\Desktop\nvflash_windows_5.118.zip
[2013/02/06 18:05:39 | 000,158,208 | ---- | M] () -- C:\Users\bishop\Desktop\GK107.rom
[2013/02/06 18:05:24 | 000,015,168 | ---- | M] () -- C:\Windows\SysNative\drivers\nvflash.sys
[2013/02/06 17:55:57 | 000,000,963 | ---- | M] () -- C:\Users\bishop\Desktop\TechPowerUp GPU-Z.lnk
[2013/02/06 17:46:34 | 000,000,059 | ---- | M] () -- C:\Users\bishop\Desktop\ll09.md5
[2013/02/06 17:44:27 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/02/06 17:44:27 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/02/06 17:43:33 | 000,000,051 | ---- | M] () -- C:\Users\bishop\Desktop\!Notepad (2).md5
[2013/02/06 17:34:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/06 17:34:30 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/06 17:34:30 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/06 17:21:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 17:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/06 17:21:13 | 497,795,071 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/06 16:49:06 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\DBF Viewer 2000.lnk
[2013/02/06 15:20:39 | 000,036,988 | ---- | M] () -- C:\BISHOP-PC
[2013/02/06 15:19:22 | 000,007,612 | ---- | M] () -- C:\Users\bishop\AppData\Local\Resmon.ResmonCfg
[2013/02/06 15:18:19 | 000,036,988 | ---- | M] () -- C:\Users\bishop\Desktop\BISHOP-PC
[2013/02/06 15:09:10 | 000,002,279 | ---- | M] () -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/06 15:03:33 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\SSller.exe
[2013/02/06 15:02:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\ller.exe
[2013/02/06 14:57:46 | 002,195,061 | ---- | M] () -- C:\tdsskiller.zip
[2013/02/06 14:56:05 | 002,195,061 | ---- | M] () -- C:\tdsskiller (1).zip
[2013/02/06 11:06:28 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/02/06 10:55:00 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/02/06 10:54:03 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/02/06 10:54:03 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\Scan for Outdated Drivers.URL
[2013/02/06 10:44:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/06 10:44:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/06 10:26:46 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/06 09:50:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/06 09:39:36 | 000,000,965 | ---- | M] () -- C:\Users\bishop\Desktop\HBCDMenu.exe - Shortcut.lnk
[2013/02/06 09:39:06 | 000,000,901 | ---- | M] () -- C:\Users\bishop\Desktop\7zFM.exe - Shortcut.lnk
[2013/02/06 09:38:24 | 000,001,097 | ---- | M] () -- C:\Users\bishop\Desktop\procexp.exe - Shortcut.lnk
[2013/02/06 08:57:56 | 000,000,849 | ---- | M] () -- C:\Users\bishop\Desktop\Downloads.lnk
[2013/02/06 07:49:00 | 000,001,304 | ---- | M] () -- C:\Users\bishop\Desktop\Notepad (2).lnk
[2013/02/06 07:12:45 | 000,001,409 | ---- | M] () -- C:\Users\bishop\Desktop\Internet Explorer (64-bit).lnk
[2013/02/06 05:14:20 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2013/02/05 21:19:04 | 000,002,289 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/05 20:28:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/02/05 20:27:43 | 000,001,437 | ---- | M] () -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/05 16:33:07 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/05 16:31:56 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/02/05 16:31:56 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/02/06 18:48:22 | 000,024,717 | ---- | C] () -- C:\Users\bishop\Desktop\AW-CO2.jpg
[2013/02/06 18:20:04 | 000,327,905 | R--- | C] () -- C:\Users\bishop\Desktop\nvflash_windows_5.118.zip
[2013/02/06 18:05:39 | 000,158,208 | ---- | C] () -- C:\Users\bishop\Desktop\GK107.rom
[2013/02/06 17:57:06 | 000,015,168 | ---- | C] () -- C:\Windows\SysNative\drivers\nvflash.sys
[2013/02/06 17:55:57 | 000,000,963 | ---- | C] () -- C:\Users\bishop\Desktop\TechPowerUp GPU-Z.lnk
[2013/02/06 17:46:34 | 000,000,059 | ---- | C] () -- C:\Users\bishop\Desktop\ll09.md5
[2013/02/06 17:44:27 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2013/02/06 17:44:27 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/02/06 17:44:26 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/02/06 17:43:33 | 000,000,051 | ---- | C] () -- C:\Users\bishop\Desktop\!Notepad (2).md5
[2013/02/06 16:49:06 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\DBF Viewer 2000.lnk
[2013/02/06 15:20:39 | 000,036,988 | ---- | C] () -- C:\BISHOP-PC
[2013/02/06 15:19:22 | 000,007,612 | ---- | C] () -- C:\Users\bishop\AppData\Local\Resmon.ResmonCfg
[2013/02/06 15:18:19 | 000,036,988 | ---- | C] () -- C:\Users\bishop\Desktop\BISHOP-PC
[2013/02/06 15:04:31 | 002,195,061 | ---- | C] () -- C:\tdsskiller.zip
[2013/02/06 15:04:31 | 002,195,061 | ---- | C] () -- C:\tdsskiller (1).zip
[2013/02/06 14:49:21 | 000,801,352 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
[2013/02/06 14:49:21 | 000,019,936 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
[2013/02/06 14:49:20 | 000,013,280 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
[2013/02/06 11:20:00 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2013/02/06 11:06:28 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/02/06 11:06:28 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/02/06 10:55:00 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/02/06 10:54:03 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013/02/06 10:54:03 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/02/06 10:54:03 | 000,000,276 | ---- | C] () -- C:\Users\Public\Desktop\Scan for Outdated Drivers.URL
[2013/02/06 10:26:46 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/06 10:26:46 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/06 09:50:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/06 09:39:06 | 000,000,901 | ---- | C] () -- C:\Users\bishop\Desktop\7zFM.exe - Shortcut.lnk
[2013/02/06 09:38:56 | 000,000,965 | ---- | C] () -- C:\Users\bishop\Desktop\HBCDMenu.exe - Shortcut.lnk
[2013/02/06 09:38:24 | 000,001,097 | ---- | C] () -- C:\Users\bishop\Desktop\procexp.exe - Shortcut.lnk
[2013/02/06 08:57:56 | 000,000,849 | ---- | C] () -- C:\Users\bishop\Desktop\Downloads.lnk
[2013/02/06 07:49:00 | 000,001,304 | ---- | C] () -- C:\Users\bishop\Desktop\Notepad (2).lnk
[2013/02/06 07:12:45 | 000,001,409 | ---- | C] () -- C:\Users\bishop\Desktop\Internet Explorer (64-bit).lnk
[2013/02/05 21:19:04 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/05 21:19:04 | 000,002,279 | ---- | C] () -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/05 21:18:56 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/05 21:18:54 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/05 21:18:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/05 20:28:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/02/05 20:27:43 | 000,001,437 | ---- | C] () -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/05 19:58:00 | 000,001,409 | ---- | C] () -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/05 19:57:58 | 000,001,443 | ---- | C] () -- C:\Users\bishop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/02/05 19:57:35 | 000,000,290 | ---- | C] () -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/05 19:57:35 | 000,000,272 | ---- | C] () -- C:\Users\bishop\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/02/05 19:25:58 | 000,000,029 | RH-- | C] () -- C:\Windows\version
[2013/02/05 16:31:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/02/05 16:31:49 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/02/05 16:27:35 | 497,795,071 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 19:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 19:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST9750420AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: ADATA USB Flash Drive USB Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Kingston DT 100 G2 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 14.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 685.00GB
Starting Offset: 14663286784
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 4293596160
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 1048576
Hidden sectors: 0


< End of report >

Edited by theashesstir, 06 February 2013 - 10:40 PM.


#15 theashesstir

theashesstir
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 06 February 2013 - 10:37 PM

[edited]

Edited by theashesstir, 06 February 2013 - 10:39 PM.




