Infected with Unknown MBR Physical Drive 0 (says Spybot)


  • This topic is locked
26 replies to this topic

#1 Mike2015

Posted 31 March 2013 - 01:16 AM

Hi,

When I do a rootkit scan with Spybot, it says I have an unknown MBR Physical Drive 0. It suggested a deep scan but it doesn't generate a report after the scan. Just blank, not even a notice that the scan turned up clean.

Malwarebytes (Anti-Rootkit beta) and Avast didn't find anything, but TDSSKiller found this - "Safeboot locked file". The recommendation was to skip but I quarantined it anyway.

I followed your instructions with DDS and also took the liberty to post the TDSS log. My computer seems to run decently but compared to others - well, I've seen faster PCs. Also, when I did an Avast boot scan, the scan jumped from (if not mistaken) 30% to 100%. It didn't pass 40%, 50% and so on. It just jumped to 100%. This also happened with ESET online scanner. Is this normal? Would really appreciate your help.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by btr at 13:07:03 on 2013-03-31
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - <orphaned>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [aswredemption.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\redemption.dll"
mRunOnce: [aswAhAScr.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\asOutExt.dll"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: LastPass - c:\users\standard\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\standard\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6CD329FA-F9D5-4519-AC5A-36DBD16AF952} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6CD329FA-F9D5-4519-AC5A-36DBD16AF952} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Notification Packages =  SbHpNp scecli ASWLNPkg
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R? aswVmm;aswVmm
R? AVGIDSHX;AVGIDSHX
R? AVGIDSShim;AVGIDSShim
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GUCI_AVS;Generic USB Controller Interface (AVS)
R? MBAMService;MBAMService
R? PSI;PSI
R? RoxMediaDB10;RoxMediaDB10
R? SDUpdateService;Spybot-S&D 2 Updating Service
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? Secunia PSI Agent;Secunia PSI Agent
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? ASBroker;Logon Session Broker
S? ASChannel;Local Communication Channel
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? EaseUS Agent;EaseUS Agent Service
S? EUBAKUP;EUBAKUP
S? EUBKMON;EUBKMON
S? EUDSKACS;EUDSKACS
S? EUFDDISK;EUFDDISK
S? FontCache;Windows Font Cache Service
S? Guard Agent;Guard Agent Service
S? HpFkCryptService;Drive Encryption Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? pdfcDispatcher;PDF Document Manager
S? PersonalSecureDrive;PersonalSecureDrive
S? PFNet;Privacyware network service
S? pwipf6;Privacyware Filter Driver
S? RsvLock;RsvLock
S? SafeBoot;SafeBoot
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SbAlg;SbAlg
S? SbFsLock;SbFsLock
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? Secunia Update Agent;Secunia Update Agent
S? Skype C2C Service;Skype C2C Service
S? SmartDefragDriver;SmartDefragDriver
S? UNS;Intel® Active Management Technology User Notification Service
.
=============== Created Last 30 ================
.
2013-03-30 12:31:42 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-30 12:31:39 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-30 12:30:48 41664 ----a-w- c:\windows\avastSS.scr
2013-03-22 12:46:30 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{646c7a0e-8243-45a5-ae06-1c9848603944}\offreg.dll
2013-03-22 10:36:09 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{646c7a0e-8243-45a5-ae06-1c9848603944}\mpengine.dll
2013-03-22 03:57:43 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-22 03:27:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-22 03:26:29 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-22 03:26:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-21 16:27:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-03-21 16:27:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-21 10:50:53 -------- d-----w- c:\users\btr\appdata\roaming\Anvisoft
2013-03-21 10:48:36 -------- d-----w- c:\programdata\Anvisoft
2013-03-21 06:00:52 -------- d-----w- c:\program files\iPod(134)
2013-03-21 06:00:37 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(158)
2013-03-21 06:00:37 -------- d-----w- c:\program files\iTunes(135)
2013-03-21 03:08:32 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-21 03:08:30 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-03-19 01:20:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-03-17 23:53:11 869376 ----a-w- c:\windows\is-V5090.exe
2013-03-14 23:29:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-02 15:59:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-03-19 00:56:33 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 00:56:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 13:54:10 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-18 13:54:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-16 17:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys
2012-09-29 15:21:56 10974280 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 13:07:48.58 ===============
 
 
 
 
 
 
 
 
 
 
13:15:37.0916 0316  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:15:39.0928 0316  ============================================================
13:15:39.0928 0316  Current date / time: 2013/03/31 13:15:39.0928
13:15:39.0928 0316  SystemInfo:
13:15:39.0928 0316  
13:15:39.0928 0316  OS Version: 6.0.6002 ServicePack: 2.0
13:15:39.0928 0316  Product type: Workstation
13:15:39.0928 0316  ComputerName: BTR-PC
13:15:39.0928 0316  UserName: btr
13:15:39.0928 0316  Windows directory: C:\Windows
13:15:39.0928 0316  System windows directory: C:\Windows
13:15:39.0928 0316  Processor architecture: Intel x86
13:15:39.0928 0316  Number of processors: 2
13:15:39.0928 0316  Page size: 0x1000
13:15:39.0928 0316  Boot type: Normal boot
13:15:39.0928 0316  ============================================================
13:15:41.0473 0316  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:15:41.0488 0316  ============================================================
13:15:41.0488 0316  \Device\Harddisk0\DR0:
13:15:41.0504 0316  MBR partitions:
13:15:41.0504 0316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12630800
13:15:41.0504 0316  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12631000, BlocksNum 0x3E8000
13:15:41.0504 0316  ============================================================
13:15:41.0551 0316  C: <-> \Device\Harddisk0\DR0\Partition1
13:15:41.0598 0316  D: <-> \Device\Harddisk0\DR0\Partition2
13:15:41.0598 0316  ============================================================
13:15:41.0598 0316  Initialize success
13:15:41.0598 0316  ============================================================
13:16:01.0207 2440  ============================================================
13:16:01.0207 2440  Scan started
13:16:01.0207 2440  Mode: Manual; 
13:16:01.0207 2440  ============================================================
13:16:02.0673 2440  ================ Scan system memory ========================
13:16:02.0673 2440  System memory - ok
13:16:02.0673 2440  ================ Scan services =============================
13:16:02.0814 2440  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:16:02.0829 2440  !SASCORE - ok
13:16:02.0954 2440  [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA           C:\Users\btr\Downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys
13:16:02.0954 2440  A2DDA - ok
13:16:03.0110 2440  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:16:03.0126 2440  ACPI - ok
13:16:03.0157 2440  [ B0269F270D29F0B0D602959271AB623B ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
13:16:03.0172 2440  ADIHdAudAddService - ok
13:16:03.0219 2440  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:16:03.0235 2440  adp94xx - ok
13:16:03.0266 2440  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:16:03.0266 2440  adpahci - ok
13:16:03.0282 2440  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:16:03.0297 2440  adpu160m - ok
13:16:03.0313 2440  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:16:03.0313 2440  adpu320 - ok
13:16:03.0360 2440  [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
13:16:03.0360 2440  AEADIFilters - ok
13:16:03.0391 2440  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:16:03.0391 2440  AeLookupSvc - ok
13:16:03.0438 2440  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
13:16:03.0453 2440  AFD - ok
13:16:03.0484 2440  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:16:03.0484 2440  agp440 - ok
13:16:03.0531 2440  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:16:03.0531 2440  aic78xx - ok
13:16:03.0562 2440  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
13:16:03.0562 2440  ALG - ok
13:16:03.0594 2440  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:16:03.0594 2440  aliide - ok
13:16:03.0609 2440  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:16:03.0625 2440  amdagp - ok
13:16:03.0640 2440  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
13:16:03.0640 2440  amdide - ok
13:16:03.0656 2440  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:16:03.0656 2440  AmdK7 - ok
13:16:03.0672 2440  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:16:03.0687 2440  AmdK8 - ok
13:16:03.0718 2440  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
13:16:03.0718 2440  Appinfo - ok
13:16:03.0781 2440  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:16:03.0796 2440  Apple Mobile Device - ok
13:16:03.0828 2440  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:16:03.0843 2440  AppMgmt - ok
13:16:03.0874 2440  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
13:16:03.0874 2440  arc - ok
13:16:03.0921 2440  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:16:03.0921 2440  arcsas - ok
13:16:03.0984 2440  [ 2EEDA27C19259C2340324EF7180D086B ] ASBroker        c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
13:16:03.0999 2440  ASBroker - ok
13:16:04.0015 2440  [ BB3C0521ECCA4BB17AC55EB640DF0FA5 ] ASChannel       c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll
13:16:04.0015 2440  ASChannel - ok
13:16:04.0062 2440  [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
13:16:04.0062 2440  aswFsBlk - ok
13:16:04.0093 2440  [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:16:04.0093 2440  aswMonFlt - ok
13:16:04.0124 2440  [ C1A411B7CCD604554D96EFDAC2F83617 ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
13:16:04.0124 2440  AswRdr - ok
13:16:04.0155 2440  [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
13:16:04.0171 2440  aswRvrt - ok
13:16:04.0218 2440  [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:16:04.0249 2440  aswSnx - ok
13:16:04.0264 2440  [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:16:04.0280 2440  aswSP - ok
13:16:04.0296 2440  [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:16:04.0296 2440  aswTdi - ok
13:16:04.0327 2440  [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:16:04.0327 2440  aswVmm - ok
13:16:04.0358 2440  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:16:04.0374 2440  AsyncMac - ok
13:16:04.0405 2440  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:16:04.0405 2440  atapi - ok
13:16:04.0467 2440  [ EECC1D40AA10F85126708796ABA1E7D5 ] atchksrv        C:\Program Files\Intel\AMT\atchksrv.exe
13:16:04.0467 2440  atchksrv - ok
13:16:04.0514 2440  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:16:04.0530 2440  AudioEndpointBuilder - ok
13:16:04.0545 2440  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:16:04.0545 2440  Audiosrv - ok
13:16:04.0639 2440  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:16:04.0639 2440  avast! Antivirus - ok
13:16:04.0654 2440  AVGIDSHX - ok
13:16:04.0670 2440  AVGIDSShim - ok
13:16:04.0717 2440  [ 8E287EB3A52FD30C999482C576F4A61B ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:16:04.0717 2440  b57nd60x - ok
13:16:04.0764 2440  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:16:04.0764 2440  Beep - ok
13:16:04.0810 2440  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
13:16:04.0810 2440  BFE - ok
13:16:04.0888 2440  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
13:16:04.0920 2440  BITS - ok
13:16:04.0935 2440  blbdrive - ok
13:16:04.0998 2440  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:16:05.0013 2440  Bonjour Service - ok
13:16:05.0044 2440  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:16:05.0044 2440  bowser - ok
13:16:05.0076 2440  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:16:05.0091 2440  BrFiltLo - ok
13:16:05.0107 2440  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:16:05.0107 2440  BrFiltUp - ok
13:16:05.0138 2440  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
13:16:05.0138 2440  Browser - ok
13:16:05.0169 2440  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:16:05.0169 2440  Brserid - ok
13:16:05.0185 2440  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:16:05.0200 2440  BrSerWdm - ok
13:16:05.0216 2440  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:16:05.0216 2440  BrUsbMdm - ok
13:16:05.0232 2440  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:16:05.0232 2440  BrUsbSer - ok
13:16:05.0247 2440  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:16:05.0247 2440  BTHMODEM - ok
13:16:05.0294 2440  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:16:05.0294 2440  cdfs - ok
13:16:05.0341 2440  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:16:05.0341 2440  cdrom - ok
13:16:05.0388 2440  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:16:05.0388 2440  CertPropSvc - ok
13:16:05.0403 2440  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:16:05.0419 2440  circlass - ok
13:16:05.0450 2440  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
13:16:05.0450 2440  CLFS - ok
13:16:05.0528 2440  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:16:05.0528 2440  clr_optimization_v2.0.50727_32 - ok
13:16:05.0590 2440  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:16:05.0590 2440  clr_optimization_v4.0.30319_32 - ok
13:16:05.0637 2440  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:16:05.0637 2440  cmdide - ok
13:16:05.0653 2440  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:16:05.0653 2440  Compbatt - ok
13:16:05.0668 2440  COMSysApp - ok
13:16:05.0700 2440  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:16:05.0700 2440  crcdisk - ok
13:16:05.0731 2440  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:16:05.0731 2440  Crusoe - ok
13:16:05.0762 2440  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:16:05.0778 2440  CryptSvc - ok
13:16:05.0824 2440  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
13:16:05.0840 2440  CSC - ok
13:16:05.0887 2440  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
13:16:05.0902 2440  CscService - ok
13:16:05.0980 2440  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:16:06.0012 2440  DcomLaunch - ok
13:16:06.0043 2440  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:16:06.0043 2440  DfsC - ok
13:16:06.0168 2440  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
13:16:06.0230 2440  DFSR - ok
13:16:06.0246 2440  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:16:06.0261 2440  Dhcp - ok
13:16:06.0292 2440  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
13:16:06.0292 2440  disk - ok
13:16:06.0355 2440  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:16:06.0355 2440  Dnscache - ok
13:16:06.0402 2440  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:16:06.0402 2440  dot3svc - ok
13:16:06.0448 2440  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
13:16:06.0448 2440  DPS - ok
13:16:06.0480 2440  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:16:06.0480 2440  drmkaud - ok
13:16:06.0558 2440  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:16:06.0573 2440  DXGKrnl - ok
13:16:06.0636 2440  [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
13:16:06.0636 2440  e1express - ok
13:16:06.0667 2440  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:16:06.0667 2440  E1G60 - ok
13:16:06.0714 2440  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
13:16:06.0714 2440  EapHost - ok
13:16:06.0948 2440  [ 1428AF5504E8D8B353F5136BDECC20CC ] EaseUS Agent    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
13:16:06.0948 2440  EaseUS Agent - ok
13:16:06.0994 2440  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:16:07.0010 2440  Ecache - ok
13:16:07.0057 2440  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:16:07.0072 2440  elxstor - ok
13:16:07.0119 2440  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:16:07.0135 2440  EMDMgmt - ok
13:16:07.0197 2440  [ 61C0226B938C35371AB0228834EF087F ] EUBAKUP         C:\Windows\system32\drivers\eubakup.sys
13:16:07.0197 2440  EUBAKUP - ok
13:16:07.0213 2440  [ C0C90DF6E674FE6944F75D42E38E09FE ] EUBKMON         C:\Windows\system32\drivers\EUBKMON.sys
13:16:07.0213 2440  EUBKMON - ok
13:16:07.0228 2440  [ 070A738258ABAC3918897BA4B16E0C30 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
13:16:07.0228 2440  EUDSKACS - ok
13:16:07.0244 2440  [ CA8E59615F7D2243B567DED4F9647D5F ] EUFDDISK        C:\Windows\system32\drivers\EuFdDisk.sys
13:16:07.0244 2440  EUFDDISK - ok
13:16:07.0306 2440  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
13:16:07.0322 2440  EventSystem - ok
13:16:07.0353 2440  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
13:16:07.0353 2440  exfat - ok
13:16:15.0528 2440  [ 0E448C0306BA36CFD5C2388046E4ACE0 ] SafeBoot        C:\Windows\system32\drivers\SafeBoot.sys
13:16:15.0528 2440  Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 0E448C0306BA36CFD5C2388046E4ACE0
13:16:15.0528 2440  SafeBoot ( LockedFile.Multi.Generic ) - warning
13:16:15.0528 2440  SafeBoot - detected LockedFile.Multi.Generic (1)
13:16:19.0287 2440  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:16:19.0287 2440  TrustedInstaller - ok
13:16:19.0334 2440  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:16:19.0334 2440  tssecsrv - ok
13:16:19.0365 2440  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:16:19.0381 2440  tunmp - ok
13:16:19.0396 2440  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:16:19.0396 2440  tunnel - ok
13:16:19.0428 2440  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:16:19.0428 2440  uagp35 - ok
13:16:19.0459 2440  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:16:19.0474 2440  udfs - ok
13:16:19.0506 2440  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:16:19.0537 2440  UI0Detect - ok
13:16:19.0568 2440  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:16:19.0568 2440  uliagpkx - ok
13:16:19.0599 2440  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:16:19.0615 2440  uliahci - ok
13:16:19.0630 2440  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:16:19.0630 2440  UlSata - ok
13:16:19.0662 2440  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:16:19.0662 2440  ulsata2 - ok
13:16:19.0693 2440  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:16:19.0693 2440  umbus - ok
13:16:19.0724 2440  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:16:19.0740 2440  UmRdpService - ok
13:16:19.0833 2440  [ 0558985BD646203DF5F36BF0FBD241A3 ] UNS             C:\Program Files\Intel\AMT\UNS.exe
13:16:19.0911 2440  UNS - ok
13:16:19.0942 2440  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
13:16:19.0974 2440  upnphost - ok
13:16:20.0005 2440  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
13:16:20.0005 2440  USBAAPL - ok
13:16:20.0036 2440  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:16:20.0052 2440  usbccgp - ok
13:16:20.0098 2440  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:16:20.0098 2440  usbcir - ok
13:16:20.0130 2440  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:16:20.0145 2440  usbehci - ok
13:16:20.0161 2440  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:16:20.0161 2440  usbhub - ok
13:16:20.0192 2440  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:16:20.0192 2440  usbohci - ok
13:16:20.0208 2440  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:16:20.0208 2440  usbprint - ok
13:16:20.0254 2440  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:16:20.0254 2440  USBSTOR - ok
13:16:20.0301 2440  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:16:20.0301 2440  usbuhci - ok
13:16:20.0332 2440  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:16:20.0348 2440  usbvideo - ok
13:16:20.0379 2440  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
13:16:20.0395 2440  UxSms - ok
13:16:20.0426 2440  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
13:16:20.0442 2440  vds - ok
13:16:20.0488 2440  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:16:20.0488 2440  vga - ok
13:16:20.0520 2440  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:16:20.0520 2440  VgaSave - ok
13:16:20.0551 2440  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:16:20.0551 2440  viaagp - ok
13:16:20.0566 2440  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:16:20.0566 2440  ViaC7 - ok
13:16:20.0598 2440  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
13:16:20.0598 2440  viaide - ok
13:16:20.0629 2440  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:16:20.0629 2440  volmgr - ok
13:16:20.0676 2440  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:16:20.0691 2440  volmgrx - ok
13:16:20.0738 2440  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:16:20.0738 2440  volsnap - ok
13:16:20.0769 2440  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:16:20.0785 2440  vsmraid - ok
13:16:20.0847 2440  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
13:16:20.0878 2440  VSS - ok
13:16:20.0925 2440  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
13:16:20.0941 2440  W32Time - ok
13:16:20.0972 2440  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:16:20.0972 2440  WacomPen - ok
13:16:21.0019 2440  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:16:21.0019 2440  Wanarp - ok
13:16:21.0034 2440  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:16:21.0034 2440  Wanarpv6 - ok
13:16:21.0066 2440  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
13:16:21.0112 2440  wbengine - ok
13:16:21.0128 2440  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:16:21.0159 2440  wcncsvc - ok
13:16:21.0190 2440  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:16:21.0190 2440  WcsPlugInService - ok
13:16:21.0237 2440  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:16:21.0237 2440  Wd - ok
13:16:21.0284 2440  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:16:21.0300 2440  Wdf01000 - ok
13:16:21.0331 2440  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:16:21.0346 2440  WdiServiceHost - ok
13:16:21.0362 2440  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:16:21.0362 2440  WdiSystemHost - ok
13:16:21.0409 2440  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
13:16:21.0424 2440  WebClient - ok
13:16:21.0456 2440  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:16:21.0471 2440  Wecsvc - ok
13:16:21.0502 2440  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:16:21.0518 2440  wercplsupport - ok
13:16:21.0549 2440  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:16:21.0549 2440  WerSvc - ok
13:16:21.0612 2440  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:16:21.0627 2440  WinDefend - ok
13:16:21.0643 2440  WinHttpAutoProxySvc - ok
13:16:21.0736 2440  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:16:21.0752 2440  Winmgmt - ok
13:16:21.0799 2440  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:16:21.0861 2440  WinRM - ok
13:16:21.0908 2440  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:16:21.0939 2440  Wlansvc - ok
13:16:21.0970 2440  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:16:21.0970 2440  WmiAcpi - ok
13:16:22.0017 2440  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:16:22.0017 2440  wmiApSrv - ok
13:16:22.0095 2440  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:16:22.0126 2440  WMPNetworkSvc - ok
13:16:22.0189 2440  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:16:22.0204 2440  WPDBusEnum - ok
13:16:22.0251 2440  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:16:22.0251 2440  WpdUsb - ok
13:16:22.0360 2440  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:16:22.0392 2440  WPFFontCache_v0400 - ok
13:16:22.0423 2440  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:16:22.0423 2440  ws2ifsl - ok
13:16:22.0454 2440  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
13:16:22.0470 2440  wscsvc - ok
13:16:22.0470 2440  WSearch - ok
13:16:22.0579 2440  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:16:22.0641 2440  wuauserv - ok
13:16:22.0688 2440  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:16:22.0688 2440  WudfPf - ok
13:16:22.0704 2440  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:16:22.0704 2440  WUDFRd - ok
13:16:22.0750 2440  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:16:22.0766 2440  wudfsvc - ok
13:16:22.0797 2440  ================ Scan global ===============================
13:16:22.0828 2440  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:16:22.0891 2440  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:16:22.0922 2440  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:16:22.0984 2440  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:16:23.0000 2440  [Global] - ok
13:16:23.0000 2440  ================ Scan MBR ==================================
13:16:23.0016 2440  [ 4975BDBEDA8A3AFB2AEADEFC06CE9E12 ] \Device\Harddisk0\DR0
13:16:23.0406 2440  \Device\Harddisk0\DR0 - ok
13:16:23.0406 2440  ================ Scan VBR ==================================
13:16:23.0406 2440  [ A464E76139FD33FE4746C7C8E960CBB0 ] \Device\Harddisk0\DR0\Partition1
13:16:23.0421 2440  \Device\Harddisk0\DR0\Partition1 - ok
13:16:23.0452 2440  [ C17F8E53AA8FC60DE48E3B716B15F8A1 ] \Device\Harddisk0\DR0\Partition2
13:16:23.0452 2440  \Device\Harddisk0\DR0\Partition2 - ok
13:16:23.0452 2440  ============================================================
13:16:23.0452 2440  Scan finished
13:16:23.0452 2440  ============================================================
13:16:23.0468 4132  Detected object count: 1
13:16:23.0468 4132  Actual detected object count: 1
13:16:51.0720 4132  C:\Windows\system32\drivers\SafeBoot.sys - copied to quarantine
13:16:51.0798 4132  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Quarantine 
13:17:11.0204 4804  ============================================================
13:17:11.0204 4804  Scan started
13:17:11.0204 4804  Mode: Manual; TDLFS; 
13:17:11.0204 4804  ============================================================
13:17:11.0391 4804  ================ Scan system memory ========================
13:17:11.0391 4804  System memory - ok
13:17:11.0407 4804  ================ Scan services =============================
13:17:17.0397 4804  IPNAT - ok
13:17:17.0444 4804  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:17:17.0475 4804  iPod Service - ok
13:17:17.0506 4804  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:17:17.0506 4804  IRENUM - ok
13:17:17.0553 4804  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:17:17.0553 4804  isapnp - ok
13:17:17.0600 4804  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:17:17.0600 4804  iScsiPrt - ok
13:17:17.0616 4804  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:17:17.0631 4804  iteatapi - ok
13:17:17.0647 4804  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:17:17.0647 4804  iteraid - ok
13:17:17.0678 4804  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:17:17.0694 4804  kbdclass - ok
13:17:17.0740 4804  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:17:17.0740 4804  kbdhid - ok
13:17:17.0787 4804  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
13:17:17.0787 4804  KeyIso - ok
13:17:17.0818 4804  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:17:17.0834 4804  KSecDD - ok
13:17:17.0881 4804  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:17:17.0896 4804  KtmRm - ok
13:17:17.0943 4804  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:17:17.0959 4804  LanmanServer - ok
13:17:17.0990 4804  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:17:18.0006 4804  LanmanWorkstation - ok
13:17:18.0068 4804  [ 07B1888209C54B675FFCCBDE9F06D2C6 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:17:18.0068 4804  LightScribeService - ok
13:17:18.0099 4804  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:17:18.0099 4804  lltdio - ok
13:17:18.0130 4804  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:17:18.0146 4804  lltdsvc - ok
13:17:18.0177 4804  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:17:18.0177 4804  lmhosts - ok
13:17:18.0193 4804  [ C518D248041C259FCFA7175C866915C3 ] LMS             C:\Program Files\Intel\AMT\LMS.exe
13:17:18.0208 4804  LMS - ok
13:17:18.0240 4804  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:17:18.0240 4804  LSI_FC - ok
13:17:18.0255 4804  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:17:18.0255 4804  LSI_SAS - ok
13:17:18.0286 4804  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:17:18.0286 4804  LSI_SCSI - ok
13:17:18.0318 4804  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
13:17:18.0333 4804  luafv - ok
13:17:18.0349 4804  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:17:18.0349 4804  MBAMProtector - ok
13:17:18.0396 4804  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:17:18.0411 4804  MBAMScheduler - ok
13:17:18.0442 4804  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:17:18.0458 4804  MBAMService - ok
13:17:18.0520 4804  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:17:18.0536 4804  MDM - ok
13:17:18.0567 4804  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
13:17:18.0567 4804  megasas - ok
13:17:18.0598 4804  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
13:17:18.0614 4804  MMCSS - ok
13:17:18.0661 4804  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
13:17:18.0661 4804  Modem - ok
13:17:18.0692 4804  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:17:18.0692 4804  monitor - ok
13:17:18.0708 4804  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:17:18.0708 4804  mouclass - ok
13:17:18.0739 4804  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:17:18.0739 4804  mouhid - ok
13:17:18.0770 4804  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:17:18.0770 4804  MountMgr - ok
13:17:18.0801 4804  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:17:18.0801 4804  mpio - ok
13:17:18.0832 4804  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:17:18.0832 4804  mpsdrv - ok
13:17:18.0895 4804  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:17:18.0910 4804  MpsSvc - ok
13:17:18.0942 4804  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:17:18.0942 4804  Mraid35x - ok
13:17:18.0973 4804  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:17:18.0973 4804  MRxDAV - ok
13:17:19.0004 4804  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:17:19.0020 4804  mrxsmb - ok
13:17:19.0035 4804  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:17:19.0035 4804  mrxsmb10 - ok
13:17:19.0051 4804  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:17:19.0051 4804  mrxsmb20 - ok
13:17:19.0082 4804  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:17:19.0098 4804  msahci - ok
13:17:19.0113 4804  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:17:19.0129 4804  msdsm - ok
13:17:19.0160 4804  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
13:17:19.0176 4804  MSDTC - ok
13:17:19.0207 4804  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:17:19.0207 4804  Msfs - ok
13:17:19.0238 4804  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:17:19.0238 4804  msisadrv - ok
13:17:19.0285 4804  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:17:19.0300 4804  MSiSCSI - ok
13:17:19.0316 4804  msiserver - ok
13:17:19.0347 4804  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:17:19.0347 4804  MSKSSRV - ok
13:17:19.0363 4804  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:17:19.0363 4804  MSPCLOCK - ok
13:17:19.0378 4804  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:17:19.0378 4804  MSPQM - ok
13:17:19.0425 4804  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:17:19.0425 4804  MsRPC - ok
13:17:19.0472 4804  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:17:19.0472 4804  mssmbios - ok
13:17:19.0488 4804  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:17:19.0488 4804  MSTEE - ok
13:17:19.0534 4804  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
13:17:19.0534 4804  Mup - ok
13:17:19.0581 4804  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
13:17:19.0597 4804  napagent - ok
13:17:19.0644 4804  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:17:19.0644 4804  NativeWifiP - ok
13:17:19.0690 4804  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:17:19.0722 4804  NDIS - ok
13:17:19.0737 4804  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:17:19.0737 4804  NdisTapi - ok
13:17:19.0768 4804  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:17:19.0768 4804  Ndisuio - ok
13:17:19.0800 4804  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:17:19.0815 4804  NdisWan - ok
13:17:19.0831 4804  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:17:19.0846 4804  NDProxy - ok
13:17:19.0862 4804  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:17:19.0862 4804  NetBIOS - ok
13:17:19.0878 4804  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:17:19.0893 4804  netbt - ok
13:17:19.0909 4804  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
13:17:19.0909 4804  Netlogon - ok
13:17:19.0940 4804  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
13:17:19.0956 4804  Netman - ok
13:17:19.0987 4804  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
13:17:19.0987 4804  netprofm - ok
13:17:20.0034 4804  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:17:20.0034 4804  NetTcpPortSharing - ok
13:17:20.0080 4804  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:17:20.0080 4804  nfrd960 - ok
13:17:20.0112 4804  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:17:20.0127 4804  NlaSvc - ok
13:17:20.0190 4804  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:17:20.0190 4804  Npfs - ok
13:17:20.0205 4804  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
13:17:20.0221 4804  nsi - ok
13:17:20.0252 4804  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:17:20.0252 4804  nsiproxy - ok
13:17:20.0299 4804  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:17:20.0330 4804  Ntfs - ok
13:17:20.0377 4804  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:17:20.0377 4804  ntrigdigi - ok
13:17:20.0408 4804  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
13:17:20.0408 4804  Null - ok
13:17:20.0439 4804  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:17:20.0439 4804  nvraid - ok
13:17:20.0455 4804  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:17:20.0455 4804  nvstor - ok
13:17:20.0486 4804  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:17:20.0486 4804  nv_agp - ok
13:17:20.0502 4804  NwlnkFlt - ok
13:17:20.0517 4804  NwlnkFwd - ok
13:17:20.0533 4804  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:17:20.0533 4804  ohci1394 - ok
13:17:20.0611 4804  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:17:20.0626 4804  p2pimsvc - ok
13:17:20.0658 4804  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:17:20.0673 4804  p2psvc - ok
13:17:20.0704 4804  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:17:20.0704 4804  Parport - ok
13:17:20.0736 4804  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:17:20.0751 4804  partmgr - ok
13:17:20.0782 4804  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:17:20.0782 4804  Parvdm - ok
13:17:20.0814 4804  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:17:20.0829 4804  PcaSvc - ok
13:17:20.0860 4804  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
13:17:20.0876 4804  pci - ok
13:17:20.0923 4804  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
13:17:20.0923 4804  pciide - ok
13:17:20.0954 4804  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:17:20.0954 4804  pcmcia - ok
13:17:20.0985 4804  pdfcDispatcher - ok
13:17:21.0032 4804  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:17:21.0063 4804  PEAUTH - ok
13:17:21.0094 4804  [ E541A80CDFFD6077C761B4578EFC0450 ] pelmouse        C:\Windows\system32\DRIVERS\pelmouse.sys
13:17:21.0094 4804  pelmouse - ok
13:17:21.0126 4804  [ 6432858A4493E906A7D61B9B17A0672A ] pelusblf        C:\Windows\system32\DRIVERS\pelusblf.sys
13:17:21.0126 4804  pelusblf - ok
13:17:21.0172 4804  [ C7D5CF6C7DBE6D96DE252457721BD0E8 ] PersonalSecureDrive C:\Windows\System32\drivers\psd.sys
13:17:21.0188 4804  PersonalSecureDrive - ok
13:17:21.0204 4804  [ 7E5044241347DA7AB89137572A4E461D ] PersonalSecureDriveService C:\Windows\system32\IfxPsdSv.exe
13:17:21.0204 4804  PersonalSecureDriveService - ok
13:17:21.0235 4804  [ 7A805CE3682BE4B811B17205B640DD1F ] PFNet           C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
13:17:21.0250 4804  PFNet - ok
13:17:21.0313 4804  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
13:17:21.0375 4804  pla - ok
13:17:21.0406 4804  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:17:21.0422 4804  PlugPlay - ok
13:17:21.0469 4804  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:17:21.0484 4804  PNRPAutoReg - ok
13:17:21.0500 4804  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:17:21.0516 4804  PNRPsvc - ok
13:17:21.0578 4804  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:17:21.0578 4804  PolicyAgent - ok
13:17:21.0625 4804  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:17:21.0625 4804  PptpMiniport - ok
13:17:21.0656 4804  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
13:17:21.0672 4804  Processor - ok
13:17:21.0703 4804  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:17:21.0718 4804  ProfSvc - ok
13:17:21.0734 4804  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:17:21.0734 4804  ProtectedStorage - ok
13:17:21.0796 4804  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:17:21.0796 4804  PSched - ok
13:17:21.0828 4804  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
13:17:21.0843 4804  PSI - ok
13:17:21.0874 4804  [ 82F9873AF1B0E075ACE1D1F82AE4FF46 ] pwipf6          C:\Windows\system32\DRIVERS\pwipf6.sys
13:17:21.0874 4804  pwipf6 - ok
13:17:21.0906 4804  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
13:17:21.0906 4804  PxHelp20 - ok
13:17:21.0984 4804  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:17:22.0015 4804  ql2300 - ok
13:17:22.0046 4804  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:17:22.0046 4804  ql40xx - ok
13:17:22.0077 4804  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
13:17:22.0093 4804  QWAVE - ok
13:17:22.0124 4804  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:17:22.0124 4804  QWAVEdrv - ok
13:17:22.0155 4804  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:17:22.0155 4804  RasAcd - ok
13:17:22.0186 4804  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
13:17:22.0202 4804  RasAuto - ok
13:17:22.0233 4804  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:17:22.0233 4804  Rasl2tp - ok
13:17:22.0296 4804  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
13:17:22.0296 4804  RasMan - ok
13:17:22.0311 4804  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:17:22.0311 4804  RasPppoe - ok
13:17:22.0342 4804  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:17:22.0342 4804  RasSstp - ok
13:17:22.0358 4804  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:17:22.0374 4804  rdbss - ok
13:17:22.0389 4804  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:17:22.0389 4804  RDPCDD - ok
13:17:22.0420 4804  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
13:17:22.0436 4804  rdpdr - ok
13:17:22.0452 4804  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:17:22.0452 4804  RDPENCDD - ok
13:17:22.0498 4804  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:17:22.0514 4804  RDPWD - ok
13:17:22.0545 4804  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:17:22.0545 4804  RemoteAccess - ok
13:17:22.0608 4804  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:17:22.0623 4804  RemoteRegistry - ok
13:17:22.0748 4804  [ D2D4D149AB1F6EE7EB0A7AFCE47A66E0 ] RoxMediaDB10    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:17:22.0779 4804  RoxMediaDB10 - ok
13:17:22.0826 4804  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
13:17:22.0826 4804  RpcLocator - ok
13:17:22.0857 4804  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
13:17:22.0873 4804  RpcSs - ok
13:17:22.0904 4804  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:17:22.0904 4804  rspndr - ok
13:17:22.0935 4804  [ 02FF0FBD2945B7DD67DB3FB0248AE61E ] RsvLock         C:\Windows\system32\drivers\RsvLock.sys
13:17:22.0935 4804  RsvLock - ok
13:17:22.0951 4804  [ 0E448C0306BA36CFD5C2388046E4ACE0 ] SafeBoot        C:\Windows\system32\drivers\SafeBoot.sys
13:17:22.0951 4804  Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 0E448C0306BA36CFD5C2388046E4ACE0
13:17:22.0951 4804  SafeBoot ( LockedFile.Multi.Generic ) - warning
13:17:22.0951 4804  SafeBoot - detected LockedFile.Multi.Generic (1)
13:17:27.0350 4804  usbehci - ok
13:17:27.0366 4804  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:17:27.0381 4804  usbhub - ok
13:17:27.0397 4804  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:17:27.0397 4804  usbohci - ok
13:17:27.0428 4804  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:17:27.0428 4804  usbprint - ok
13:17:27.0459 4804  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:17:27.0475 4804  USBSTOR - ok
13:17:27.0506 4804  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:17:27.0506 4804  usbuhci - ok
13:17:27.0553 4804  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:17:27.0553 4804  usbvideo - ok
13:17:27.0584 4804  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
13:17:27.0600 4804  UxSms - ok
13:17:27.0631 4804  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
13:17:27.0646 4804  vds - ok
13:17:27.0693 4804  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:17:27.0693 4804  vga - ok
13:17:27.0724 4804  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:17:27.0724 4804  VgaSave - ok
13:17:27.0740 4804  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:17:27.0740 4804  viaagp - ok
13:17:27.0771 4804  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:17:27.0771 4804  ViaC7 - ok
13:17:27.0787 4804  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
13:17:27.0787 4804  viaide - ok
13:17:27.0818 4804  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:17:27.0834 4804  volmgr - ok
13:17:27.0880 4804  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:17:27.0880 4804  volmgrx - ok
13:17:27.0927 4804  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:17:27.0927 4804  volsnap - ok
13:17:27.0958 4804  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:17:27.0974 4804  vsmraid - ok
13:17:28.0021 4804  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
13:17:28.0068 4804  VSS - ok
13:17:28.0114 4804  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
13:17:28.0130 4804  W32Time - ok
13:17:28.0161 4804  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:17:28.0161 4804  WacomPen - ok
13:17:28.0192 4804  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:17:28.0208 4804  Wanarp - ok
13:17:28.0208 4804  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:17:28.0208 4804  Wanarpv6 - ok
13:17:28.0270 4804  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
13:17:28.0317 4804  wbengine - ok
13:17:28.0348 4804  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:17:28.0364 4804  wcncsvc - ok
13:17:28.0395 4804  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:17:28.0395 4804  WcsPlugInService - ok
13:17:28.0442 4804  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:17:28.0442 4804  Wd - ok
13:17:28.0489 4804  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:17:28.0504 4804  Wdf01000 - ok
13:17:28.0551 4804  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:17:28.0567 4804  WdiServiceHost - ok
13:17:28.0567 4804  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:17:28.0582 4804  WdiSystemHost - ok
13:17:28.0629 4804  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
13:17:28.0645 4804  WebClient - ok
13:17:28.0692 4804  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:17:28.0707 4804  Wecsvc - ok
13:17:28.0738 4804  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:17:28.0754 4804  wercplsupport - ok
13:17:28.0770 4804  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:17:28.0785 4804  WerSvc - ok
13:17:28.0848 4804  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:17:28.0848 4804  WinDefend - ok
13:17:28.0863 4804  WinHttpAutoProxySvc - ok
13:17:28.0926 4804  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:17:28.0926 4804  Winmgmt - ok
13:17:28.0988 4804  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:17:29.0035 4804  WinRM - ok
13:17:29.0082 4804  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:17:29.0097 4804  Wlansvc - ok
13:17:29.0128 4804  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:17:29.0128 4804  WmiAcpi - ok
13:17:29.0175 4804  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:17:29.0191 4804  wmiApSrv - ok
13:17:29.0253 4804  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:17:29.0284 4804  WMPNetworkSvc - ok
13:17:29.0347 4804  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:17:29.0347 4804  WPDBusEnum - ok
13:17:29.0394 4804  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:17:29.0394 4804  WpdUsb - ok
13:17:29.0503 4804  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:17:29.0518 4804  WPFFontCache_v0400 - ok
13:17:29.0550 4804  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:17:29.0565 4804  ws2ifsl - ok
13:17:29.0596 4804  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
13:17:29.0612 4804  wscsvc - ok
13:17:29.0612 4804  WSearch - ok
13:17:29.0706 4804  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:17:29.0768 4804  wuauserv - ok
13:17:29.0815 4804  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:17:29.0815 4804  WudfPf - ok
13:17:29.0830 4804  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:17:29.0846 4804  WUDFRd - ok
13:17:29.0877 4804  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:17:29.0893 4804  wudfsvc - ok
13:17:29.0908 4804  ================ Scan global ===============================
13:17:29.0940 4804  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:17:29.0986 4804  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:17:30.0033 4804  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:17:30.0096 4804  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:17:30.0111 4804  [Global] - ok
13:17:30.0111 4804  ================ Scan MBR ==================================
13:17:30.0127 4804  [ 4975BDBEDA8A3AFB2AEADEFC06CE9E12 ] \Device\Harddisk0\DR0
13:17:30.0579 4804  \Device\Harddisk0\DR0 - ok
13:17:30.0579 4804  ================ Scan VBR ==================================
13:17:30.0579 4804  [ A464E76139FD33FE4746C7C8E960CBB0 ] \Device\Harddisk0\DR0\Partition1
13:17:30.0579 4804  \Device\Harddisk0\DR0\Partition1 - ok
13:17:30.0595 4804  [ C17F8E53AA8FC60DE48E3B716B15F8A1 ] \Device\Harddisk0\DR0\Partition2
13:17:30.0595 4804  \Device\Harddisk0\DR0\Partition2 - ok
13:17:30.0595 4804  ============================================================
13:17:30.0595 4804  Scan finished
13:17:30.0595 4804  ============================================================
13:17:30.0610 4820  Detected object count: 1
13:17:30.0610 4820  Actual detected object count: 1
13:17:38.0629 4820  C:\Windows\system32\drivers\SafeBoot.sys - copied to quarantine
13:17:38.0676 4820  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Quarantine 
13:18:34.0571 6012  Deinitialize success

#2 Mike2015

Posted 31 March 2013 - 01:33 AM

Post deleted.

Edited by Mike2015, 31 March 2013 - 01:43 AM.


#3 Mike2015

Posted 31 March 2013 - 01:37 AM

Hi,

Sorry (not yet very proficient) I think the attachment failed. Retrying now..

Edited by Mike2015, 31 March 2013 - 01:40 AM.


#4 Larusso

  • Malware Response Team

Posted 02 April 2013 - 12:38 PM

Hi there.

Do you have a pre-installed Operating System (Recovery Partition)?



Please download Farbar's Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards,
Daniel

Bread for the world instead Bombs and Bangers



#5 Mike2015

Posted 03 April 2013 - 05:13 AM

Hi,

I'm not sure if this has a recovery partition. But I did a system back up with Ease Us todo backup (USB boot) probably 6 months ago. I also made Sardu USB with Kaspersky boot in it. But it didn't find anything in the boot scan. Also I added Hiren boot but I don't remember if the site where I downloaded it from is trustworthy. I'm having my doubts now.. (Just giving you all the background info...) Posting the FSS results below.. Thanks!

Farbar Service Scanner Version: 03-03-2013
Ran by Standard (ATTENTION: The logged in user is not administrator) on 03-04-2013 at 17:56:26
Running from "C:\Users\Standard\Downloads"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
 
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-15 10:15] - [2013-01-04 19:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#6 Larusso

  • Malware Response Team

Posted 03 April 2013 - 09:18 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

 

 

 

 

  • Download OTL to your Desktop.
  • Double click on the icon to run it.
  • Under the Custom box paste this in:
    activex
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemroot%\*. /mp /s
    %windir%\installer\*. /5
    %localappdata%\*. /5
    /md5start
    services.exe
    user32.dll
    /md5stop
    CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please post both logfiles in your next reply.

 

 

 

  • Please download Gmer from here and save it to your Desktop.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Edited by Larusso, 03 April 2013 - 09:23 AM.

regards,
Daniel


#7 Mike2015

Posted 04 April 2013 - 07:41 AM

Hi Daniel,

Thank you for your assistance! Pasting the OTL logs below:

I just encountered a minor problem at first. I don't know if this is relevant. The OTL won't save in my desktop screen. Just on the desktop files on explorer window. So I clicked to open it from there.

OTL Extras logfile created on: 4/4/2013 8:07:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standard\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
993.55 Mb Total Physical Memory | 331.30 Mb Available Physical Memory | 33.34% Memory free
2.20 Gb Paging File | 1.28 Gb Available in Paging File | 58.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.09 Gb Total Space | 62.98 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.55 Gb Free Space | 79.18% Space Free | Partition Type: NTFS
 
Computer Name: BTR-PC | User Name: btr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038AB846-E698-4522-B35D-1EB5CB93696C}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe | 
"{1B1259E2-E42B-4593-A572-491AAC7AE2D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{354D1EB8-F913-4EA3-9177-DDDF8BB5DFF8}" = protocol=6 | dir=in | app=c:\program files\vs revo group\revo uninstaller\revouninstaller.exe | 
"{3B0E8F03-A284-4783-B85D-6B54A4FE1861}" = protocol=58 | dir=out | app=system | 
"{4753370D-C017-48E9-B5A0-6CCF8CA7D07E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C6A5940-7E62-4AF4-AD0B-3A57B89E8282}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe | 
"{4D291316-9307-42BC-8602-B7F7A25CE1E4}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | 
"{4FA47B15-E635-488E-A1F4-15CA02001887}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5C7A0B58-FB2F-40AF-A5FB-4AFC704DBFC5}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe | 
"{5F429EDA-F541-4420-8AAA-548A392D232E}" = protocol=58 | dir=out | app=system | 
"{654D7436-0CB2-42A7-96D8-750E1081EF1D}" = protocol=6 | dir=in | app=c:\users\btr\appdata\local\google\chrome\application\chrome.exe | 
"{6EE271E0-6C0D-48C2-BD54-1BBD115351DD}" = protocol=17 | dir=in | app=c:\program files\common files\pap7501\amcap.exe | 
"{7DA8AA81-2B00-47D6-AFA3-A280DF75A501}" = protocol=17 | dir=in | app=c:\users\btr\appdata\local\google\chrome\application\chrome.exe | 
"{8D1495B9-9661-4C5F-8743-2201D0E55DC3}" = protocol=6 | dir=in | app=c:\program files\common files\pap7501\amcap.exe | 
"{C02BC1AE-93D3-4D0C-AE37-DAF0842433FC}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe | 
"{C89C66B0-EF69-403D-B8FB-5EC2506AB43C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C924316E-3A79-49F8-907C-30C4DFBFEBC4}" = protocol=17 | dir=in | app=c:\program files\vs revo group\revo uninstaller\revouninstaller.exe | 
"{D73C50B6-EBAC-4BA4-9A3B-C8ED1D00C432}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{DDDFE0EC-B43C-4453-975F-381DFB78CD8D}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe | 
"{DEDFB2F0-64AD-4D64-98E5-79B3F3D986B2}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0BEB28E4-E5EA-40DE-8982-1F13005DC08B}" = SlimDrivers
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2AD74810-E122-4D37-9CE8-EC4BF9A065CC}" = Drive Encryption for HP ProtectTools
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.14.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = USB2.0 PC Camera(0050.2010.0326.3015)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}" = Privatefirewall 7.0
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}" = Embedded Security for HP ProtectTools
"{F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}" = General Module
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"DMX5_is1" = DriverMax 6
"EaseUS Todo Backup Free 4.5_is1" = EaseUS Todo Backup Free 4.5
"Glary Utilities_is1" = Glary Utilities 2.54.0.1759
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HitmanPro37" = HitmanPro 3.7
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Mouse Suite
"PDF Complete" = PDF Complete
"PROSetDX" = Intel® PRO Network Connections 12.1.14.1
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"Smart Defrag 2_is1" = Smart Defrag 2
"TVUPlayer" = TVUPlayer 2.5.3.1
"Twins video to iPod-Zune-PSP-3GP_is1" = Twins video to iPod-Zune-PSP-3GP 1.1
"Veetle TV" = Veetle TV
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
Error encountered while reading event logs.
 
< End of report >
 
 
 

OTL logfile created on: 4/4/2013 8:07:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standard\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
993.55 Mb Total Physical Memory | 331.30 Mb Available Physical Memory | 33.34% Memory free
2.20 Gb Paging File | 1.28 Gb Available in Paging File | 58.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.09 Gb Total Space | 62.98 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.55 Gb Free Space | 79.18% Space Free | Partition Type: NTFS
 
Computer Name: BTR-PC | User Name: btr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/04 19:59:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
PRC - [2013/03/07 07:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/14 22:16:42 | 003,011,400 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2013/01/14 22:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/07/25 16:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/07/12 02:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 01:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/10 08:03:00 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/06/07 23:38:14 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.EXE
PRC - [2007/06/07 23:38:10 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE
PRC - [2007/06/07 23:38:00 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.EXE
PRC - [2007/04/19 10:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\System32\IfxPsdSv.exe
PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/02/06 14:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [On_Demand | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/14 22:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/25 16:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 16:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/12 02:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/05/03 17:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/05/03 17:52:10 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2010/03/19 21:46:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 01:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/10 08:03:00 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/06/07 23:38:14 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.EXE -- (UNS)
SRV - [2007/06/07 23:38:10 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE -- (atchksrv)
SRV - [2007/06/07 23:38:00 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.EXE -- (LMS)
SRV - [2007/04/19 10:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/06 14:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006/06/22 13:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/03/07 07:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 07:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 07:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 07:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 07:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/03/07 07:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 07:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 07:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/12/25 19:08:42 | 000,128,672 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/14 18:02:29 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\btr\Downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)
DRV - [2012/05/03 17:52:02 | 000,187,016 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2012/05/03 17:52:00 | 000,042,120 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2012/05/03 17:51:54 | 000,017,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2012/05/03 17:51:52 | 000,050,312 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/09/01 16:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/11/06 13:13:44 | 000,543,616 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2008/01/19 15:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/06/15 07:22:58 | 000,013,184 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/06/14 08:53:48 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/06/14 08:53:28 | 000,101,167 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/19 10:32:14 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/04/13 21:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/10 04:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2000/01/01 08:00:00 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HECI.sys -- (HECI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{334FD666-7544-4DC3-8FBC-45E94F5ADEE6}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\btr\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\btr\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/07 01:41:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\btr\AppData\Roaming\IDM\idmmzcc5 [2012/11/04 16:04:48 | 000,000,000 | ---D | M]
 
[2012/08/23 12:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\btr\AppData\Roaming\Mozilla\Extensions
[2012/08/23 12:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\btr\AppData\Roaming\Mozilla\Firefox\Profiles\7lfb5374.default\extensions
[2012/08/23 12:42:14 | 000,324,456 | ---- | M] () (No name found) -- C:\Users\btr\AppData\Roaming\Mozilla\Firefox\Profiles\7lfb5374.default\extensions\smarterwiki@wikiatic.com.xpi
[2012/08/23 12:42:14 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\btr\AppData\Roaming\Mozilla\Firefox\Profiles\7lfb5374.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/08/23 12:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/14 08:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 08:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\btr\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\btr\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\btr\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\btr\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: LastPass = C:\Users\btr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\btr\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\btr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([1980/01/04 00:01:48 | 000,000,808 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1       HPSystem # LMS GENERATED LINE
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: LastPass - file://C:\Users\Standard\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Standard\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD329FA-F9D5-4519-AC5A-36DBD16AF952}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD329FA-F9D5-4519-AC5A-36DBD16AF952}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a04cafab-87be-11e1-b2fb-001e0b674321}\Shell\AutoRun\command - "" = Get_Started_for_Win.exe
O33 - MountPoints2\{a40350ff-89cf-11e1-91d7-001e0b674321}\Shell\AutoRun\command - "" = F:\eksplozivna/naprava.exe
O33 - MountPoints2\{a40350ff-89cf-11e1-91d7-001e0b674321}\Shell\Explore\command - "" = F:\eksplozivna/naprava.exe
O33 - MountPoints2\{a40350ff-89cf-11e1-91d7-001e0b674321}\Shell\Open\command - "" = F:\eksplozivna/naprava.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: atchk - hkey= - key= - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
MsConfig - StartUpReg: AVG_TRAY - hkey= - key= -  File not found
MsConfig - StartUpReg: CognizanceTS - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DriverMax - hkey= - key= - C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
MsConfig - StartUpReg: DriverMax_RESTART - hkey= - key= - C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\btr\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GUCI_AVS - hkey= - key= - C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: IFXSPMGT - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Mouse Suite 98 Daemon - hkey= - key= -  File not found
MsConfig - StartUpReg: PACTray - hkey= - key= - C:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PTHOSTTR - hkey= - key= - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QuickPhrase - hkey= - key= -  File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= -  File not found
MsConfig - StartUpReg: vProt - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/30 20:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/30 20:31:50 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/30 20:31:50 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/30 20:31:46 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/03/30 20:31:45 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/30 20:31:42 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/30 20:31:39 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/30 20:31:39 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/30 20:30:48 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/22 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\btr\Documents\ProcAlyzer Dumps
[2013/03/22 11:57:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/22 11:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/22 11:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/03/22 11:26:29 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/03/22 11:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/03/22 00:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/22 00:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/22 00:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/21 18:50:53 | 000,000,000 | ---D | C] -- C:\Users\btr\AppData\Roaming\Anvisoft
[2013/03/21 18:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/21 14:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(134)
[2013/03/21 14:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(135)
[2013/03/21 14:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(158)
[2013/03/19 09:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/03/19 09:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/03/18 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/17 13:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/17 13:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/29 23:21:53 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 19:38:39 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/04 19:38:38 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/04/04 19:38:19 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 19:38:19 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 19:38:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 19:38:10 | 1040,539,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 05:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-605743712-3638706204-95004801-1000UA.job
[2013/04/04 05:19:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-605743712-3638706204-95004801-1003UA.job
[2013/04/01 09:27:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-605743712-3638706204-95004801-1000Core.job
[2013/04/01 07:19:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-605743712-3638706204-95004801-1003Core.job
[2013/03/31 12:00:15 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2013/03/30 20:31:51 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/30 20:31:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/26 11:30:38 | 000,000,863 | ---- | M] () -- C:\Users\btr\Desktop\Glary Utilities.lnk
[2013/03/24 23:23:56 | 000,000,049 | ---- | M] () -- C:\Users\btr\Desktop\AnviSoft.url
[2013/03/24 16:12:11 | 000,002,034 | ---- | M] () -- C:\Users\btr\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/24 11:06:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/24 11:06:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/24 10:35:55 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/24 02:11:14 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2013/03/22 19:47:57 | 000,000,891 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/22 18:14:12 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/03/22 18:14:12 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/03/22 11:26:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/22 00:27:56 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/21 13:13:16 | 000,000,824 | ---- | M] () -- C:\Users\btr\Documents\ccleaner reg back up.reg
[2013/03/21 13:10:21 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/20 22:27:00 | 000,000,098 | ---- | M] () -- C:\index.ini
[2013/03/18 07:53:11 | 000,869,376 | ---- | M] () -- C:\Windows\is-V5090.exe
[2013/03/18 07:53:11 | 000,010,513 | ---- | M] () -- C:\Windows\is-V5090.msg
[2013/03/18 07:53:11 | 000,000,303 | ---- | M] () -- C:\Windows\is-V5090.lst
[2013/03/17 13:07:27 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/07 07:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/07 07:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/07 07:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/07 07:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/07 07:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/03/07 07:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/07 07:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/07 07:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/07 07:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/07 07:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2013/03/30 20:31:51 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/24 23:23:56 | 000,000,049 | ---- | C] () -- C:\Users\btr\Desktop\AnviSoft.url
[2013/03/24 02:10:47 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2013/03/23 08:41:01 | 1040,539,648 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/22 19:45:47 | 000,000,891 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/22 11:27:15 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/03/22 11:27:14 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/03/22 11:27:12 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/03/22 11:26:41 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/03/22 11:26:41 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/22 00:27:56 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/21 13:13:13 | 000,000,824 | ---- | C] () -- C:\Users\btr\Documents\ccleaner reg back up.reg
[2013/03/21 11:08:32 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/21 11:08:30 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/20 22:27:00 | 000,000,098 | ---- | C] () -- C:\index.ini
[2013/03/18 07:53:11 | 000,869,376 | ---- | C] () -- C:\Windows\is-V5090.exe
[2013/03/18 07:53:11 | 000,010,513 | ---- | C] () -- C:\Windows\is-V5090.msg
[2013/03/18 07:53:11 | 000,000,303 | ---- | C] () -- C:\Windows\is-V5090.lst
[2013/03/17 13:07:27 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/22 15:27:08 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2012/10/01 22:16:29 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/09/16 16:34:54 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/16 16:34:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/09/16 16:32:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/09/16 11:07:27 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2012/09/16 11:07:27 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
[2012/09/15 18:21:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/08/13 11:41:05 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/04/25 18:32:27 | 000,000,024 | ---- | C] () -- C:\Users\btr\AppData\Roaming\MyPhrases.dta
[2012/04/05 00:09:09 | 000,002,157 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
[2011/11/03 21:25:48 | 000,000,680 | ---- | C] () -- C:\Users\btr\AppData\Local\d3d9caps.dat
[2011/10/13 07:17:38 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/23 19:14:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\CMDRedirect.dll
[2011/08/16 20:02:19 | 000,045,568 | ---- | C] () -- C:\Users\btr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/10 15:58:20 | 000,000,494 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/10 00:58:49 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2011/08/10 00:58:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
 
========== ZeroAccess Check ==========
 
[2006/11/02 20:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/03/21 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\Anvisoft
[2012/07/08 11:26:50 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\AVG
[1980/01/04 02:08:47 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\AVG2012
[2011/11/29 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\Big Fish Games
[2012/09/18 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\CheckPoint
[2012/07/22 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\DMCache
[2012/06/01 23:33:35 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\Driver Pro
[2013/03/26 11:30:32 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\GlarySoft
[2012/11/04 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\IDM
[2011/08/09 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\Infineon
[2012/10/01 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\IObit
[2012/12/22 16:12:44 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\MechCAD
[2011/09/04 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\PopCapv1005eni
[2012/09/26 22:51:58 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\SystemRequirementsLab
[2011/09/23 19:14:56 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\Twins Software
[2012/09/27 08:11:03 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\TypingMaster7
[2012/09/26 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/03/31 15:43:45 | 000,000,000 | -H-D | M] -- C:\$AVG
[2013/03/22 20:31:40 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/09/16 16:54:23 | 000,000,000 | ---D | M] -- C:\b6867b10764af971f3812dee886666
[2013/03/31 12:26:03 | 000,000,000 | -HSD | M] -- C:\boot
[2012/10/07 23:26:20 | 000,000,000 | ---D | M] -- C:\cce_linux
[2012/06/02 20:29:44 | 000,000,000 | ---D | M] -- C:\Converted Video Files
[2006/11/02 21:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/23 19:06:34 | 000,000,000 | ---D | M] -- C:\extensions
[2011/08/10 01:56:26 | 000,000,000 | -H-D | M] -- C:\hp
[2012/10/01 00:07:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012/06/04 20:03:51 | 000,000,000 | ---D | M] -- C:\jelo doc
[2013/03/31 15:43:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/03/31 15:43:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/03/31 15:43:48 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/09/30 22:00:22 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/09/26 23:14:33 | 000,000,000 | ---D | M] -- C:\System backup 9-26-2012 11-13 PM
[2013/04/02 18:13:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/09/26 21:45:08 | 000,000,000 | -H-D | M] -- C:\system.sav
[2013/03/31 13:16:51 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012/09/16 22:12:29 | 000,000,000 | R--D | M] -- C:\Users
[2013/03/30 20:30:48 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2013/04/01 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\btr\AppData\Local\Temp
 
< MD5 for: SERVICES.EXE  >
[2008/01/19 15:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 17:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: USER32.DLL  >
[2011/10/02 12:57:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009/04/11 14:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\WINDOWS\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009/04/10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\WINDOWS\System32\user32.dll
[2009/04/10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2011/10/02 12:57:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 15:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 17:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< End of report >
 
 
Will download Gmer now. Will paste results in next post.
 
 


#8 Mike2015

Posted 04 April 2013 - 08:04 AM

Hi Daniel,

The Gmer link won't open.

This webpage is not available

The connection to gmer.net was interrupted.
Here are some suggestions:
  • Reload this webpage later.
  • Check your Internet connection. Restart any router, modem, or other network devices you may be using.
  • Add Google Chrome as a permitted program in your firewall's or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
  • If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server, adjust your proxy settings: Go to the Chrome menu >Settings > Show advanced settings... > Change proxy settings... > LAN Settings and deselect the "Use a proxy server for your LAN" checkbox.
Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.

I thought of downloading it from your other pages - Virus removal section on your dashboard - but that page won't open either. It just keeps on loading. I'll just try again tomorrow. By the way, I work in the day so I can only see your posts and reply to them at night when I get home.

Thank you so much for your assistance!


Edited by Mike2015, 04 April 2013 - 09:27 AM.


#9 Larusso

  • Malware Response Team

Posted 04 April 2013 - 09:58 AM

Did not work for me either. Please go here http://www.gmer.net/#files and click on the "Download Exe" button.

Run Gmer as instructed above.

"I work in the day so I can only see your posts and reply to them at night when I get home."

Depends on which timezone you live in :)

I see some suspicious entries in your OTL log. Please do not connect any kind of flash drives to your PC for the moment.


Edited by Larusso, 04 April 2013 - 10:00 AM.

regards,
Daniel

Bread for the world instead Bombs and Bangers



#10 Mike2015

Posted 06 April 2013 - 05:35 AM

Hi Daniel,

I'm sorry I was not able to post yesterday. I forgot to tell you that I'm a 7th Day Adventist Christian so we keep Saturday (Sabbath) as Holy according to the Ten Commandments of God. It starts from Friday sundown and ends at Saturday sundown.

Anyways, going back to our malware mission :). Oh, there have been some problems. First, after I scanned with Gmer, my Google Chrome extensions crashed - Avast web rep, Ghostery and my LastPass extension. They wouldn't function anymore. And I can't even log in to bleepingcomputer.com. I think Google Chrome itself crashed. It was yesterday, Fri morning before I went to work. So I just left it.

When I came home from work there was another problem. My 9 yr old niece, who arrived to spend her summer vacation with us, tried to open my computer. However, she didn't plug in the other plug (the one with the adaptor, I really don't know what that is called). She just turned on the computer and it was still on when I got home. So what happened is that during boot, there was a prompt for - a start up repair (recommended), or to start Windows normally. I tried to start normally but it just keeps loading and won't reach the welcome screen. So I tried the start up repair and it turned out that it will do a system restore.

So the system restored to April 2 (scheduled checkpoint) and everything went back to normal. Well, except that my privatefirewall crashed after the restore. It's no longer functioning, so I'm just using the Windows firewall now. I don't want to uninstall the privatefirewall and download a new one because you said not to change anything. But I'm sorry about the system restore. By the way, my system restore is again setting daily restore checkpoints.

We can start all over if you want. Hope you're not too busy.

Okay, pasting the Gmer results below:

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • Sections
  • IAT/EAT
  • Show All (don't miss this one)

By the way, the Show All was not checked at all so I no longer did anything.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-05 07:22:14
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9160823AS rev.3.BHD 149.05GB
Running: lveh956s.exe; Driver: C:\Users\btr\AppData\Local\Temp\uwldqpow.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8CA2659C]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwAdjustPrivilegesToken [0x83B873F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x8D283388]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x8CA2702E]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwConnectPort [0x83B8A770]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8CA327F2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8CA3283E]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwCreateFile [0x83B899F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8CA329D8]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwCreateKey [0x83B87080]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8CA32760]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwCreatePort [0x83B8AAC0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x8D283720]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8CA327A8]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwCreateSymbolicLinkObject [0x83B89F80]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwCreateThread [0x83B8ADC0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8CA32992]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwDebugActiveProcess [0x83B86B50]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8CA26602]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwDeleteKey [0x83B89270]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwDeleteValueKey [0x83B893D0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDuplicateObject [0x8CA2B5C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x8D283450]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0x8D2819B4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8CA26668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8CA2B98C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8CA28874]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8CA3281C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8CA32860]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwOpenFile [0x83B89CF0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8CA329FC]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwOpenKey [0x83B86E80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8CA32786]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwOpenProcess [0x83B89590]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwOpenSection [0x83B866A0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8CA327D0]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwOpenThread [0x83B872A0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8CA329B6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x8D2835B0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8CA28740]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThread [0x8CA28296]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwResumeThread [0x83B8A250]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwSecureConnectPort [0x83B8A910]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8CA266CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8CA26734]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x8CA27C5E]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwSetInformationFile [0x83B8A0A0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8CA26284]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8CA2645A]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwSetValueKey [0x83B890A0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8CA263E8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x8CA27FAE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x8CA28110]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8CA264E2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x8D283678]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwTerminateThread [0x83B898D0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwUnloadDriver [0x8D2819E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8CA2679A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x8D2834FC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x8CA27748]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)                 ZwCreateUserProcess [0x83B8A300]
 
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x8D29CBA0]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject
 
---- Devices - GMER 2.1 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                 EUBKMON.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                 EUBKMON.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                              pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
 
---- EOF - GMER 2.1 ----
 

 

It's 6:32 PM right now here in my country. Perhaps I can wait for you to be online now. I'll continue to be online. Thanks Daniel!



#11 Larusso


Posted 06 April 2013 - 12:43 PM

Hi there and sorry, I was very busy (as always on weekends for DJs :D)


Let's check your system with another tool. First of all, I want to see if something is wrong with your MBR, as Spybot says
(I doubt that Spybot would be able to detect this kind of infection ;) )



Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.

regards,
Daniel

Bread for the world instead Bombs and Bangers



#12 Mike2015


Posted 06 April 2013 - 06:27 PM

Hi Daniel,

 

I fell asleep at around midnight. What's a DJ? You're a part time Disk Jockey? That sounds fun.. :) 

 

Ok thanks for pushing on with our problem (or my problem). I would need to buy a new flash drive. It's supposed to be empty right? I could probably post by tomorrow still. By the way, I'm thinking maybe I could download a new privatefirewall now (by privacyware)..

 

Ok thanks Daniel! 



#13 Larusso


Posted 07 April 2013 - 07:55 AM

"It's supposed to be empty right?"

It doesn't really need to be empty. As long as you don't put the file in a folder on your flash drive, it will be ok :)

"You're a part time Disk Jockey?"

Yes, and sometimes it can be hard, time-expensive work ;)
regards,
Daniel

Bread for the world instead Bombs and Bangers



#14 Mike2015


Posted 08 April 2013 - 06:21 AM

Hi Daniel,

 

Command prompt said that frst64 is not compatible with the version that I'm using. 

I checked mine and it's 32 bit. 

 

By the way I checked out your profile and visited your website - then listened quite a bit to your music mix, and what can I say - yeah Reggae is cool - not loud - but easy to listen to :).


Edited by Mike2015, 08 April 2013 - 06:27 AM.


#15 Larusso


Posted 08 April 2013 - 10:04 AM

"and what can I say - yeah Reggae is cool - not loud - but easy to listen to"

You have no idea what's going on at a Dancehall party :D


Sorry for my mistake. I might have been a little bit tired.

Please download the 32bit version from here --> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

In the command line type X:\frst
regards,
Daniel

Bread for the world instead Bombs and Bangers

